aioseo -- all_in_one_seo
The All in One SEO — Best WordPress SEO Plugin — Easily Improve Your SEO
Rankings before 4.1.0.2 enables authenticated users with
"aioseo_tools_settings" privilege (most of the time admin) to execute
arbitrary code on the underlying host. Users can restore plugin's
configuration by uploading a backup .ini file in the section "Tool >
Import/Export". However, the plugin attempts to unserialize values of the
.ini file. Moreover, the plugin embeds Monolog library which can be used to
craft a gadget chain and thus trigger system command execution.
2021-05-24
CVE-2021-24307
CONFIRM
MISC

cisco -- dna_spaces\
Multiple vulnerabilities in Cisco DNA Spaces Connector could allow an
authenticated, local attacker to elevate privileges and execute arbitrary
commands on the underlying operating system as root. These vulnerabilities
are due to insufficient restrictions during the execution of affected CLI
commands. An attacker could exploit these vulnerabilities by leveraging the
insufficient restrictions during execution of these commands. A successful
exploit could allow the attacker to elevate privileges from dnasadmin and
execute arbitrary commands on the underlying operating system as root.
2021-05-22
CVE-2021-1558
CISCO

cisco -- dna_spaces\
Multiple vulnerabilities in Cisco DNA Spaces Connector could allow an
authenticated, local attacker to elevate privileges and execute arbitrary
commands on the underlying operating system as root. These vulnerabilities
are due to insufficient restrictions during the execution of affected CLI
commands. An attacker could exploit these vulnerabilities by leveraging the
insufficient restrictions during execution of these commands. A successful
exploit could allow the attacker to elevate privileges from dnasadmin and
execute arbitrary commands on the underlying operating system as root.
2021-05-22
CVE-2021-1557
CISCO

cisco -- dna_spaces\
Multiple vulnerabilities in Cisco DNA Spaces Connector could allow an
authenticated, remote attacker to perform a command injection attack on an
affected device. These vulnerabilities are due to insufficient input
sanitization when executing affected commands. A high-privileged attacker
could exploit these vulnerabilities on a Cisco DNA Spaces Connector by
injecting crafted input during command execution. A successful exploit could
allow the attacker to execute arbitrary commands as root within the
Connector docker container.
2021-05-22
CVE-2021-1560
CISCO

cisco -- dna_spaces\
Multiple vulnerabilities in Cisco DNA Spaces Connector could allow an
authenticated, remote attacker to perform a command injection attack on an
affected device. These vulnerabilities are due to insufficient input
sanitization when executing affected commands. A high-privileged attacker
could exploit these vulnerabilities on a Cisco DNA Spaces Connector by
injecting crafted input during command execution. A successful exploit could
allow the attacker to execute arbitrary commands as root within the
Connector docker container.
2021-05-22
CVE-2021-1559
CISCO

cisco -- evolved_programmable_network_manager
A vulnerability in the web-based management interface of Cisco Prime
Infrastructure and Evolved Programmable Network (EPN) Manager could allow an
authenticated, remote attacker to execute arbitrary commands on an affected
system. The vulnerability is due to insufficient validation of user-supplied
input to the web-based management interface. An attacker could exploit this
vulnerability by sending crafted HTTP requests to the interface. A
successful exploit could allow the attacker to execute arbitrary commands on
the underlying operating system (OS) with the permissions of a special
non-root user. In this way, an attacker could take control of the affected
system, which would allow them to obtain and alter sensitive data. The
attacker could also affect the devices that are managed by the affected
system by pushing arbitrary configuration files, retrieving device
credentials and confidential information, and ultimately undermining the
stability of the devices, causing a denial of service (DoS) condition.
2021-05-22
CVE-2021-1487
CISCO

cisco -- modeling_labs
A vulnerability in the web UI of Cisco Modeling Labs could allow an
authenticated, remote attacker to execute arbitrary commands with the
privileges of the web application on the underlying operating system of an
affected Cisco Modeling Labs server. This vulnerability is due to
insufficient validation of user-supplied input to the web UI. An attacker
could exploit this vulnerability by sending a crafted HTTP request to an
affected server. A successful exploit could allow the attacker to execute
arbitrary commands with the privileges of the web application, virl2, on the
underlying operating system of the affected server. To exploit this
vulnerability, the attacker must have valid user credentials on the web UI.
2021-05-22
CVE-2021-1531
CISCO

cisco -- wap125_firmware
Multiple vulnerabilities in the web-based management interface of certain
Cisco Small Business 100, 300, and 500 Series Wireless Access Points could
allow an authenticated, remote attacker to perform command injection attacks
against an affected device. These vulnerabilities are due to improper
validation of user-supplied input. An attacker could exploit these
vulnerabilities by sending crafted HTTP requests to the web-based management
interface of an affected system. A successful exploit could allow the
attacker to execute arbitrary commands with root privileges on the device.
To exploit these vulnerabilities, the attacker must have valid
administrative credentials for the device.
2021-05-22
CVE-2021-1550
CISCO

cisco -- wap125_firmware
Multiple vulnerabilities in the web-based management interface of certain
Cisco Small Business 100, 300, and 500 Series Wireless Access Points could
allow an authenticated, remote attacker to perform command injection attacks
against an affected device. These vulnerabilities are due to improper
validation of user-supplied input. An attacker could exploit these
vulnerabilities by sending crafted HTTP requests to the web-based management
interface of an affected system. A successful exploit could allow the
attacker to execute arbitrary commands with root privileges on the device.
To exploit these vulnerabilities, the attacker must have valid
administrative credentials for the device.
2021-05-22
CVE-2021-1555
CISCO

cisco -- wap125_firmware
Multiple vulnerabilities in the web-based management interface of certain
Cisco Small Business 100, 300, and 500 Series Wireless Access Points could
allow an authenticated, remote attacker to perform command injection attacks
against an affected device. These vulnerabilities are due to improper
validation of user-supplied input. An attacker could exploit these
vulnerabilities by sending crafted HTTP requests to the web-based management
interface of an affected system. A successful exploit could allow the
attacker to execute arbitrary commands with root privileges on the device.
To exploit these vulnerabilities, the attacker must have valid
administrative credentials for the device.
2021-05-22
CVE-2021-1554
CISCO

cisco -- wap125_firmware
Multiple vulnerabilities in the web-based management interface of certain
Cisco Small Business 100, 300, and 500 Series Wireless Access Points could
allow an authenticated, remote attacker to perform command injection attacks
against an affected device. These vulnerabilities are due to improper
validation of user-supplied input. An attacker could exploit these
vulnerabilities by sending crafted HTTP requests to the web-based management
interface of an affected system. A successful exploit could allow the
attacker to execute arbitrary commands with root privileges on the device.
To exploit these vulnerabilities, the attacker must have valid
administrative credentials for the device.
2021-05-22
CVE-2021-1553
CISCO

cisco -- wap125_firmware
Multiple vulnerabilities in the web-based management interface of certain
Cisco Small Business 100, 300, and 500 Series Wireless Access Points could
allow an authenticated, remote attacker to perform command injection attacks
against an affected device. These vulnerabilities are due to improper
validation of user-supplied input. An attacker could exploit these
vulnerabilities by sending crafted HTTP requests to the web-based management
interface of an affected system. A successful exploit could allow the
attacker to execute arbitrary commands with root privileges on the device.
To exploit these vulnerabilities, the attacker must have valid
administrative credentials for the device.
2021-05-22
CVE-2021-1552
CISCO

cisco -- wap125_firmware
Multiple vulnerabilities in the web-based management interface of certain
Cisco Small Business 100, 300, and 500 Series Wireless Access Points could
allow an authenticated, remote attacker to perform command injection attacks
against an affected device. These vulnerabilities are due to improper
validation of user-supplied input. An attacker could exploit these
vulnerabilities by sending crafted HTTP requests to the web-based management
interface of an affected system. A successful exploit could allow the
attacker to execute arbitrary commands with root privileges on the device.
To exploit these vulnerabilities, the attacker must have valid
administrative credentials for the device.
2021-05-22
CVE-2021-1551
CISCO

cisco -- wap125_firmware
Multiple vulnerabilities in the web-based management interface of certain
Cisco Small Business 100, 300, and 500 Series Wireless Access Points could
allow an authenticated, remote attacker to perform command injection attacks
against an affected device. These vulnerabilities are due to improper
validation of user-supplied input. An attacker could exploit these
vulnerabilities by sending crafted HTTP requests to the web-based management
interface of an affected system. A successful exploit could allow the
attacker to execute arbitrary commands with root privileges on the device.
To exploit these vulnerabilities, the attacker must have valid
administrative credentials for the device.
2021-05-22
CVE-2021-1548
CISCO

cisco -- wap125_firmware
Multiple vulnerabilities in the web-based management interface of certain
Cisco Small Business 100, 300, and 500 Series Wireless Access Points could
allow an authenticated, remote attacker to perform command injection attacks
against an affected device. These vulnerabilities are due to improper
validation of user-supplied input. An attacker could exploit these
vulnerabilities by sending crafted HTTP requests to the web-based management
interface of an affected system. A successful exploit could allow the
attacker to execute arbitrary commands with root privileges on the device.
To exploit these vulnerabilities, the attacker must have valid
administrative credentials for the device.
2021-05-22
CVE-2021-1549
CISCO

cisco -- wap125_firmware
Multiple vulnerabilities in the web-based management interface of certain
Cisco Small Business 100, 300, and 500 Series Wireless Access Points could
allow an authenticated, remote attacker to perform command injection attacks
against an affected device. These vulnerabilities are due to improper
validation of user-supplied input. An attacker could exploit these
vulnerabilities by sending crafted HTTP requests to the web-based management
interface of an affected system. A successful exploit could allow the
attacker to execute arbitrary commands with root privileges on the device.
To exploit these vulnerabilities, the attacker must have valid
administrative credentials for the device.
2021-05-22
CVE-2021-1547
CISCO

codesys -- v2_runtime_system_sp
CODESYS V2 runtime system SP before 2.4.7.55 has a Stack-based Buffer
Overflow.
2021-05-25
CVE-2021-30188
MISC
MISC

codesys -- v2_web_server
CODESYS V2 Web-Server before 1.1.9.20 has a Stack-based Buffer Overflow.
2021-05-25
CVE-2021-30189
MISC
MISC

codesys -- v2_web_server
CODESYS V2 Web-Server before 1.1.9.20 has Improper Access Control.
2021-05-25
CVE-2021-30190
MISC
MISC

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info

codesys -- v2_web_server
CODESYS V2 Web-Server before 1.1.9.20 has an Improperly Implemented Security
Check.
2021-05-25
7.5
CVE-2021-30192
MISC
MISC

codesys -- v2_web_server
CODESYS V2 Web-Server before 1.1.9.20 has an Out-of-bounds Write.
2021-05-25
CVE-2021-30193
MISC
MISC

college_management_system_project -- college_management_system
Projectsworlds College Management System Php 1.0 is vulnerable to SQL
injection issues over multiple parameters.
2021-05-24
CVE-2020-25409
MISC
MISC

Prototype pollution vulnerability in 'deep-defaults' versions 1.0.0 through
1.0.5 allows attacker to cause a denial of service and may lead to remote
code execution.
2021-05-25

eyesofnetwork -- eyesofnetwork
EyesOfNetwork eonweb through 5.3-11 allows Remote Command Execution (by
authenticated users) via shell metacharacters in the nagios_path parameter
to lilac/export.php, as demonstrated by %26%26+curl to insert an "&& curl"
substring for the shell.
2021-05-24
9
CVE-2021-33525
MISC
MISC

ibm -- security_guardium
IBM Security Guardium 11.2 could allow a remote authenticated attacker to
execute arbitrary commands on the system. By sending a specially-crafted
request, an attacker could exploit this vulnerability to execute arbitrary
commands on the system. IBM X-Force ID: 195766.
2021-05-24
CVE-2021-20385
CONFIRM
XF

ibm -- security_guardium
IBM Security Guardium 11.2 could allow a remote authenticated attacker to
execute arbitrary commands on the system by sending a specially crafted
request. IBM X-Force ID: 199184.
2021-05-24
9
CVE-2021-20557
XF
CONFIRM

ibm -- security_guardium
IBM Security Guardium 11.2 contains hard-coded credentials, such as a
password or cryptographic key, which it uses for its own inbound
authentication, outbound communication to external components, or encryption
of internal data. IBM X-Force ID: 196313.
2021-05-24
CVE-2021-20426
CONFIRM
XF

linux -- linux_kernel
This vulnerability allows local attackers to escalate privileges on affected
installations of Linux Kernel 5.11.15. An attacker must first obtain the
ability to execute low-privileged code on the target system in order to
exploit this vulnerability. The specific flaw exists within the handling of
eBPF programs. The issue results from the lack of proper validation of
user-supplied eBPF programs prior to executing them. An attacker can
leverage this vulnerability to escalate privileges and execute arbitrary
code in the context of the kernel. Was ZDI-CAN-13661.
2021-05-21
CVE-2021-31440
MISC
MISC

nagios -- fusion
Insufficient Verification of Data Authenticity in Nagios Fusion 4.1.8 and
earlier and Nagios XI 5.7.5 and earlier allows for Escalation of Privileges
or Code Execution as root via vectors related to an untrusted update package
to upgrade_to_latest.sh.
10
CVE-2020-28900
MISC
MISC
MISC

nagios -- fusion
Command Injection in Nagios Fusion 4.1.8 and earlier allows for Privilege
Escalation to nagios.
CVE-2020-28908
MISC
MISC
MISC

nagios -- fusion
Command Injection in Nagios Fusion 4.1.8 and earlier allows Privilege
Escalation from apache to root in cmd_subsys.php.
10
CVE-2020-28902
MISC
MISC
MISC

nagios -- fusion
Incorrect SSL certificate validation in Nagios Fusion 4.1.8 and earlier
allows for Escalation of Privileges or Code Execution as root via vectors
related to download of an untrusted update package in upgrade_to_latest.sh.
10
CVE-2020-28907
MISC
MISC
MISC

nagios -- fusion
Incorrect File Permissions in Nagios XI 5.7.5 and earlier and Nagios Fusion
4.1.8 and earlier allows for Privilege Escalation to root. Low-privileged
users are able to modify files that are included (aka sourced) by scripts
executed by root.
CVE-2020-28906
MISC
MISC
MISC

nagios -- fusion
Command Injection in Nagios Fusion 4.1.8 and earlier allows for Privilege
Escalation or Code Execution as root via vectors related to corrupt
component installation in cmd_subsys.php.
2021-05-24
10
MISC
MISC

nagios -- fusion
Incorrect File Permissions in Nagios Fusion 4.1.8 and earlier allows for
Privilege Escalation to root via modification of scripts. Low-privileges
users are able to modify files that can be executed by sudo.
CVE-2020-28909
MISC
MISC
MISC

nagios -- fusion
Execution with Unnecessary Privileges in Nagios Fusion 4.1.8 and earlier
allows for Privilege Escalation as nagios via installation of a malicious
component containing PHP code.
2021-05-24
MISC
MISC

https://content.govdelivery.com/accounts/USDHSCISA/bulletins/2e20e17
6/1/2021
Vulnerability Summary for the Week of May 24, 2021

nagios -- nagios_xi
Creation of a Temporary Directory with Insecure Permissions in Nagios XI
5.7.5 and earlier allows for Privilege Escalation via creation of symlinks,
which are mishandled in getprofile.sh.
2021-05-24
10
MISC
MISC

nconf-toml_project -- nconf-toml
Prototype pollution vulnerability in 'nconf-toml' versions 0.0.1 through
0.0.2 allows an attacker to cause a denial of service and may lead to remote
code execution.
2021-05-25
CVE-2021-25946
MISC
MISC

netgear -- gc108p_firmware
Certain NETGEAR devices are affected by command injection by an
unauthenticated attacker via the vulnerable /sqfs/lib/libsal.so.0.0 library
used by a CGI application, as demonstrated by
setup.cgi?token=";$HTTP_USER_AGENT;' with an OS command in the User-Agent
field. This affects GC108P before 1.0.7.3, GC108PP before 1.0.7.3, GS108Tv3
before 7.0.6.3, GS110TPPv1 before 7.0.6.3, GS110TPv3 before 7.0.6.3,
GS110TUPVv1 before 1.0.4.3, GS710TUPv1 before 1.0.4.3, GS716TP before
1.0.2.3, GS716TPP before 1.0.2.3, GS724TPPv1 before 2.0.4.3, GS724TPv2
before 2.0.4.3, GS728TPPv2 before 6.0.6.3, GS728TPv2 before 6.0.6.3,
GS752TPPv1 before 6.0.6.3, GS752TPv2 before 6.0.6.3, MS510TXM before
1.0.2.3, and MS510TXUP before 1.0.2.3.
2021-05-21
CVE-2021-33514
MISC
MISC

plone -- plone
Plone through 5.2.4 allows remote authenticated managers to perform disk I/O
via crafted keyword arguments to the ReStructuredText transform in a Python
script.
2021-05-21
8.5
CVE-2021-33509
MISC
MLIST

re-logic -- terraria
Re-Logic Terraria before 1.4.2.3 performs Insecure Deserialization.
2021-05-24
7.5
CVE-2021-32075
MISC
MISC
MISC
MISC

ronomon -- opened
The @ronomon/opened library before 1.5.2 is vulnerable to a command
injection vulnerability which would allow a remote attacker to execute
commands on the system if the library was used with untrusted input.
2021-05-24
10
MISC
CONFIRM

solarwinds -- network_performance_monitor
This vulnerability allows remote attackers to execute arbitrary code on
affected installations of SolarWinds Network Performance Monitor 2020.2.1.
Authentication is not required to exploit this vulnerability. The specific
flaw exists within the SolarWinds.Serialization library. The issue results
from the lack of proper validation of user-supplied data, which can result
in deserialization of untrusted data. An attacker can leverage this
vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-12213.
2021-05-21
10
CVE-2021-31474
MISC
MISC

webmproject -- libwebp
A flaw was found in libwebp in versions before 1.0.1. A heap-based buffer
overflow in function WebPDecodeRGBInto is possible due to an invalid check
for buffer size. The highest threat from this vulnerability is to data
confidentiality and integrity as well as system availability.
2021-05-21
CVE-2020-36328

webmproject -- libwebp
A flaw was found in libwebp in versions before 1.0.1. A use-after-free was
found due to a thread being killed too early. The highest threat from this
vulnerability is to data confidentiality and integrity as well as system
availability.
CVE-2020-36329
MISC

webmproject -- libwebp
A flaw was found in libwebp in versions before 1.0.1. An uninitialized
variable is used in function ReadSymbol. The highest threat from this
vulnerability is to data confidentiality and integrity as well as system
availability.
CVE-2018-25014
MISC

webmproject -- libwebp
A flaw was found in libwebp in versions before 1.0.1. A heap-based buffer
overflow was found in PutLE16(). The highest threat from this vulnerability
is to data confidentiality and integrity as well as system availability.
CVE-2018-25011
MISC

zephyrproject -- zephyr
Possible read out of bounds in dns read. Zephyr versions >= 1.14.2, >= 2.3.0
contain Out-of-bounds Read (CWE-125). For more information, see
https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-mm57-9hqw-qh44
CVE-2020-13601
MISC

zephyrproject -- zephyr
Improper Input Frame Validation in ieee802154 Processing. Zephyr versions >=
v1.14.2, >= v2.2.0 contain Stack-based Buffer Overflow (CWE-121), Heap-based
Buffer Overflow (CWE-122). For more information, see
https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-3gvq-h42f-v3c7
2021-05-25
CVE-2020-10064

zzcms -- zzcms
An issue was discovered in zzcms 2019. SQL Injection exists in
user/ztconfig.php via the daohang or img POST parameter.
2021-05-24
7.5
CVE-2019-12348
MISC

acronis -- true_image_2020
An issue was discovered in Acronis True Image 2020 24.5.22510.
anti_ransomware_service.exe exposes a REST API that can be used by everyone,
even unprivileged users. This API is used to communicate from the GUI to
anti_ransomware_service.exe. This can be exploited to add an arbitrary
malicious executable to the whitelist, or even exclude an entire drive from
being monitored by anti_ransomware_service.exe.
2021-05-25
4.6
MISC
MISC

arangodb -- arangodb
In ArangoDB, versions v2.2.6.2 through v3.7.10 are vulnerable to Cross-Site
Scripting (XSS), since there is no validation of the .zip file name and
filtering of potential abusive characters which zip files can be named to.
There is no X-Frame-Options Header set, which makes it more susceptible for
leveraging self XSS by attackers.
2021-05-24
4.3
MISC

bitdefender -- endpoint_security_tools
An Improper Input Validation vulnerability in the Product Update feature of
Bitdefender Endpoint Security Tools for Linux allows a man-in-the-middle
attacker to abuse the DownloadFile function of the Product Update to achieve
remote code execution. This issue affects: Bitdefender Endpoint Security
Tools for Linux versions prior to 6.2.21.155.
2021-05-24
6
CVE-2021-3485
MISC

bludit -- bludit
A file upload vulnerability was discovered in the file path
/bl-plugins/backup/plugin.php on Bludit version 3.12.0. If an attacker is
able to gain Administrator rights they will be able to use unsafe plugins to
upload a backup file and control the server.
6.5
CVE-2020-23765
MISC

The Goto WordPress theme before 2.1 did not properly sanitize the formvalue
JSON POST parameter in its tl_filter AJAX action, leading to an
unauthenticated Reflected Cross-site Scripting (XSS) vulnerability.
4.3
CVE-2021-24297
CONFIRM

calendar01_project -- calendar01
Reflected cross-site scripting vulnerability in the admin page of
[Calendar01] free edition ver1.0.1 and earlier allows a remote attacker to
inject an arbitrary script via unspecified vectors.
2021-05-24
4.3
CVE-2021-20725
MISC
MISC

cisco -- finesse
A vulnerability in the web-based management interface of Cisco Finesse could
allow an unauthenticated, remote attacker to redirect a user to an undesired
web page. This vulnerability is due to improper input validation of the URL
parameters in an HTTP request that is sent to an affected system. An
attacker could exploit this vulnerability by persuading a user of the
interface to click a crafted link. A successful exploit could allow the
attacker to cause the interface to redirect the user to a specific,
malicious URL. This type of vulnerability is known as an open redirect and
is used in phishing attacks that get users to unknowingly visit malicious
sites.
2021-05-22
5.8
CVE-2021-1358
CISCO

cisco -- finesse
Multiple vulnerabilities in the web-based management interface of Cisco
Finesse could allow an authenticated, remote attacker to conduct a
cross-site scripting (XSS) attack against a user of the interface. These
vulnerabilities are due to insufficient validation of user-supplied input by
the web-based management interface of the affected software. An attacker
could exploit these vulnerabilities by injecting malicious code into the
web-based management interface and persuading a user to click a malicious
link. A successful exploit could allow the attacker to execute arbitrary
script code in the context of the affected interface or access sensitive,
browser-based information. An attacker needs valid administrator credentials
to inject the malicious script code.
4.3
CVE-2021-1254
CISCO

codesys -- plewinnt
CODESYS V2 runtime system before 2.4.7.55 has Improper Input Validation.
2021-05-25
CVE-2021-30195
MISC
MISC

codesys -- plewinnt
CODESYS V2 runtime system SP before 2.4.7.55 has a Heap-based Buffer
Overflow.
2021-05-25
5
CVE-2021-30186
MISC
MISC

codesys -- runtime_toolkit
CODESYS V2 runtime system SP before 2.4.7.55 has Improper Neutralization of
Special Elements used in an OS Command.
2021-05-25
4.6
CVE-2021-30187
MISC
MISC

codesys -- v2_web_server
CODESYS v2 Web-Server before 1.1.9.20 has a Buffer Copy without Checking the
Size of the Input.
2021-05-25
5
CVE-2021-30191
MISC
MISC

codesys -- v2_web_server
CODESYS V2 Web-Server before 1.1.9.20 has an Out-of-bounds
2021-05-25
6.4
CVE-2021-30194
MISC
MISC

college_management_system_project -- college_management_system
A Cross-Site Request Forgery (CSRF) vulnerability exists in ProjectWorlds
College Management System Php 1.0 that allows a remote attacker to modify,
delete, or make a new entry of the student, faculty, teacher, subject,
scores, location, and article data.
2021-05-24
4.3
CVE-2020-25408
MISC
MISC

dell -- xtremio_management_server
Dell EMC XtremIO Versions prior to 6.3.3-8, contain a Cross-Site Request
Forgery Vulnerability in XMS. A non-privileged attacker could potentially
exploit this vulnerability, leading to a privileged victim application user
being tricked into sending state-changing requests to the vulnerable
application, causing unintended server operations.
6.8
CVE-2021-21549
CONFIRM

dutchcoders -- transfer.sh
Dutchcoders transfer.sh before 1.2.4 allows XSS via an inline view.
2021-05-24
4.3
CVE-2021-33496
MISC
CONFIRM
MISC
MISC

dutchcoders -- transfer.sh
Dutchcoders transfer.sh before 1.2.4 allows Directory Traversal for deleting
files.
2021-05-24
6.4
CVE-2021-33497
MISC
CONFIRM
MISC

emlog -- emlog
An issue was discovered in emlog 6.0.0stable. There is a SQL Injection
vulnerability that can execute any SQL statement and query server sensitive
data via admin/navbar.php?action=add_page.
CVE-2021-30081
MISC

feehi -- feehi_cms
Feehi CMS 2.1.1 is affected by a Server-side request forgery (SSRF)
vulnerability. When the user modifies the HTTP Referer header to any url,
the server can make a request to it.
2021-05-24
6.4
CVE-2021-30108
MISC

ffmpeg -- ffmpeg
A heap-based Buffer Overflow Vulnerability exists FFmpeg 4.2 at
libavfilter/vf_vmafmotion.c in convolution_y_8bit, which could let a remote
malicious user cause a Denial of Service.
2021-05-27
4.3
CVE-2020-22033
MISC

ffmpeg -- ffmpeg
FFmpeg 4.2 is affected by null pointer dereference passed as argument to
libavformat/aviobuf.c, which could cause a Denial of Service.
2021-05-25
CVE-2020-20450
MISC

ffmpeg -- ffmpeg
FFmpeg 4.2 is affected by a Divide By Zero issue via libavcodec/lpc.h, which
allows a remote malicious user to cause a Denial of Service.
2021-05-25
4

ffmpeg -- ffmpeg
FFmpeg 4.2 is affected by a Divide By Zero issue via libavcodec/aacpsy.c,
which allows a remote malicious user to cause a Denial of Service.
2021-05-25
4

ffmpeg -- ffmpeg
FFmpeg 4.1.3 is affected by a Divide By Zero issue via
libavcodec/ratecontrol.c, which allows a remote malicious user to cause a
Denial of Service.
2021-05-25
4

ffmpeg -- ffmpeg
FFmpeg 4.2 is affected by a Divide By Zero issue via libavcodec/aaccoder,
which allows a remote malicious user to cause a Denial of Service
2021-05-25
4

ffmpeg -- ffmpeg
Buffer Overflow vulnerability exists in FFmpeg 4.1 via apng_do_inverse_blend
in libavcodec/pngenc.c, which could let a remote malicious user cause a
Denial of Service
2021-05-24
CVE-2020-21041
MISC

ffmpeg -- ffmpeg
Denial of Service issue in FFmpeg 4.2 due to resource management errors via
fftools/cmdutils.c.
CVE-2020-20451
MISC

ffmpeg -- ffmpeg
A heap-based Buffer Overflow vulnerability exists FFmpeg 4.2 at
libavfilter/vf_floodfill.c, which might lead to memory corruption and other
potential consequences.
2021-05-27
6.8
CVE-2020-22034
MISC

ffmpeg -- ffmpeg
Buffer Overflow vulnerability in FFMpeg 4.2.3 in dnn_execute_layer_pad in
libavfilter/dnn/dnn_backend_native_layer_pad.c due to a call to memcpy
without length checks, which could let a remote malicious user execute
arbitrary code.
2021-05-26
6.5
CVE-2020-24020
MISC
MISC

foxitsoftware -- phantompdf
This vulnerability allows remote attackers to execute arbitrary code on
affected installations of Foxit Reader 10.1.3.37598. User interaction is
required to exploit this vulnerability in that the target must visit a
malicious page or open a malicious file. The specific flaw exists within the
browseForDoc function. The issue results from the lack of proper validation
of user-supplied data, which can result in a write past the end of an
allocated data structure. An attacker can leverage this vulnerability to
execute code in the context of the current process. Was ZDI-CAN-13523.
2021-05-21
6.8
CVE-2021-31473
MISC
MISC

An issue was discovered in GUPnP before 1.0.7 and 1.1.x and 1.2.x before
1.2.5. It allows DNS rebinding. A remote web server can exploit this
vulnerability to trick a victim's browser into triggering actions against
local UPnP services implemented using [...] for data exfiltration, data
tempering, etc.
2021-05-24
5.8
MISC

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Primary Aare P Cvss Source & Patch 
Vendor -- Product Bescmpron Published | Score Info 

gris_cms_project -- gris_cms | An issue was discovered in Gris CMS v0.1. There is a Persistent XSS vulnerability which allows remote attackers to inject arbitrary web script or HTML via admin/dashboard. | 2021-05-24 | 4.3 | CVE-2021-30082, MISC
htmly -- htmly | An arbitrary file deletion vulnerability was discovered on htmly v2.7.5 which allows remote attackers to use any absolute path to delete any file in the server should they gain Administrator privileges. | | 5.5 | CVE-2020-23766, MISC
ibenic -- simple_giveaways | The method and share GET parameters of the Giveaway pages were not sanitised, validated or escaped before being output back in the pages, thus leading to reflected XSS | 2021-05-24 | 4.3 | CVE-2021-24298, MISC, CONFIRM
ibm -- 8335-gca_firmware | IBM Host firmware for LC-class Systems is vulnerable to a stack based buffer overflow, caused by improper bounds checking. A remote privileged attacker could exploit this vulnerability and cause a denial of service. IBM X-Force ID: 190037. | 2021-05-25 | 4 | CVE-2020-4839, CONFIRM, XF

ibm -- infosphere_information_server | IBM InfoSphere Information Server 11.7 could allow an attacker to obtain sensitive information by injecting parameters into an HTML query. This information could be used in further attacks against the system. IBM X-Force ID: 199918. | 2021-05-21 | 5 | CONFIRM
ibm -- security_guardium | IBM Security Guardium 11.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 196280. | 2021-05-24 | 5 | CVE-2021-20419, CONFIRM, XF
ibm -- security_guardium | IBM Security Guardium 11.2 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 192710. | 2021-05-24 | 6.5 | XF
ibm -- security_guardium | IBM Security Guardium 11.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 195767. | 2021-05-24 | | CVE-2021-20386, CONFIRM, XF
ibm -- security_guardium | IBM Security Guardium 11.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 196315. | 2021-05-24 | 5 | CVE-2021-20428, CONFIRM, XF

| Jenkins URLTrigger Plugin 0.48 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | | | CVE-2021-21659
joomla -- joomla\! | An issue was discovered in Joomla! 3.0.0 through 3.9.26. A missing token check causes a CSRF vulnerability in data download endpoints in com_banners and com_sysinfo. | 2021-05-26 | 4.3 |
joomla -- joomla\! | An issue was discovered in Joomla! 3.0.0 through 3.9.26. A missing token check causes a CSRF vulnerability in the AJAX reordering endpoint. | 2021-05-26 | 4.3 | CVE-2021-26033, MISC
joomla -- joomla\! | An issue was discovered in Joomla! 3.0.0 through 3.9.26. HTML was missing in the executable block list of MediaHelper::canUpload, leading to XSS attack vectors. | 2021-05-26 | 4.3 |
linaro -- trusted_firmware-m | In Trusted Firmware-M through 1.3.0, cleaning up the memory allocated for a multi-part cryptographic operation (in the event of a failure) can prevent the abort() operation in the associated cryptographic library from freeing internal resources, causing a memory leak. | 2021-05-21 | 5 | MISC, MISC
linux -- linux_kernel | A memory leak vulnerability was found in Linux kernel in llcp_sock_connect | 2021-05-25 | 5 | CVE-2020-25672, FEDORA, MLIST, FEDORA, MISC, FEDORA
lucyparsonslabs -- openoversight | Cross-site request forgery in OpenOversight 0.6.4 allows a remote attacker to perform sensitive application actions by tricking legitimate users into clicking a crafted link. | 2021-05-25 | 5.8 | CVE-2021-20096, MISC
mailform01_project -- mailform01 | Reflected cross-site scripting vulnerability in [MailForm01] free edition (versions which the last updated date listed at the top of descriptions in the program file is from 2014 December 12 to 2018 July 27) allows a remote attacker to inject an arbitrary script via unspecified vectors. | 2021-05-24 | 4.3 | CVE-2021-20723, MISC, MISC
mediateknet -- netwave_system | An information disclosure vulnerability was discovered in /index.class.php (via port 8181) on NetWave System 1.0 which | 2021-05-25 | | CVE-2021-27823, MISC, MISC
metinfo -- metinfo | MetInfo 7.0 beta is affected by a file modification vulnerability. Attackers can delete and modify ini files in app/system/language/admin/language_general.class.php and app/system/include/function/file.func.php. | 2021-05-24 | 6.4 | MISC
mlfactory -- dsgvo_all_in_one_for_wp | The dsgvoaio_write_log AJAX action of the DSGVO All in one for WP WordPress plugin before 4.0 did not sanitise or escape some POST parameter submitted before outputting them in the Log page in the administrator dashboard (wp-admin/admin.php?page=dsgvoaiofree-show-log). This could allow unauthenticated attackers to gain unauthorised access by using an XSS payload to create a rogue administrator account, which will be triggered when an administrator will view the logs. | 2021-05-24 | 4.3 | CVE-2021-24294, CONFIRM
nagios -- fusion | Incorrect Access Control in Nagios Fusion 4.1.8 and earlier allows low-privileged authenticated users to extract passwords used to manage fused servers via the test_server command in ajaxhelper.php. | | 4 | CVE-2020-28911, MISC, MISC, MISC
nagios -- fusion | Improper Input Validation in Nagios Fusion 4.1.8 and earlier allows an authenticated attacker to execute remote code via table pagination. | 2021-05-24 | 6.5 | MISC, MISC
nagios -- fusion | Improper input validation in Nagios Fusion 4.1.8 and earlier allows a remote attacker with control over a fused server to inject arbitrary HTML, aka XSS. | 2021-05-24 | 4.3 | MISC, MISC
nitrokey -- fido_u2f_firmware | An issue was discovered in Nitrokey FIDO U2F firmware through 1.1. Communication between the microcontroller and the secure element transmits credentials in plain. This allows an adversary to eavesdrop the communication and derive the secrets stored in the microcontroller. As a result, the attacker is able to arbitrarily manipulate the firmware of the microcontroller. | | 5 | CVE-2020-12061, MISC, MISC, MISC
normalize-url_project -- normalize-url | The normalize-url package before 4.5.1, 5.x before 5.3.1, and 6.x before 6.0.1 for Node.js has a ReDoS (regular expression denial of service) issue because it has exponential performance for data: URLs. | 2021-05-24 | 5 | CVE-2021-33502, CONFIRM
nsa -- emissary | Emissary is a distributed, peer-to-peer, data-driven workflow framework. Emissary 6.4.0 is vulnerable to Unsafe Deserialization of post-authenticated requests to the [WorkSpaceClientEnqueue.action](https://github.com/NationalSecurityAgency/emissary/blob/30c54ef...) REST endpoint. This issue may lead to post-auth Remote Code Execution. This issue has been patched in version 6.5.0. As a workaround, one can disable network access to Emissary from untrusted sources. | | | CVE-2021-32634, MISC
online_examination_system_project -- online_examination_system | Projectworlds Online Examination System 1.0 is vulnerable to CSRF, which allows a remote attacker to delete the existing user. | 2021-05-24 | 4.3 | MISC
online_examination_system_project -- online_examination_system | Project Worlds Online Examination System 1.0 is affected by Cross Site Scripting (XSS) via account.php. | 2021-05-24 | 4.3 | MISC
openid -- openid | It was found that various OpenID Providers (OPs) had TLS Server Certificates that used weak keys, as a result of the Debian Predictable Random Number Generator (CVE-2008-0166). In combination with the DNS Cache Poisoning issue (CVE-2008-1447) and the fact that almost all SSL/TLS implementations do not consult CRLs (currently an untracked issue), this means that it is impossible to rely on these OPs. | 2021-05-21 | 4.3 | CVE-2008-3280, MISC, MISC
overwolf -- overwolf | Untrusted search path vulnerability in The Installer of Overwolf 2.168.0.n and earlier allows an attacker to gain privileges and execute arbitrary code with the privilege of the user invoking the installer via a Trojan horse DLL in an unspecified directory. | 2021-05-24 | 4.4 | MISC, MISC
phpyun -- phpyun | An information disclosure vulnerability was discovered in alipay_function.php in the log file of Alibaba payment interface on PHPPYUN prior to version 5.0.1. If exploited, this vulnerability will allow attackers to obtain users' personally identifiable information including e-mail address and telephone numbers. | 2021-05-21 | 5 | CVE-2020-23768, MISC
pickplugins -- product_slider_for_woocommerce | The slider import search feature of the PickPlugins Product Slider for WooCommerce WordPress plugin before 1.13.22 did not properly sanitise the keyword GET parameter, leading to reflected Cross-Site Scripting issue | 2021-05-24 | 4.3 | CVE-2021-24300, CONFIRM
plone -- plone | Plone through 5.2.4 allows SSRF via the lxml parser. This affects Diazo themes, Dexterity TTW schemas, and modeleditors in plone.app.theming, plone.app.dexterity, and plone.supermodel. | 2021-05-21 | 5 | CVE-2021-33511, MISC, MLIST
plone -- plone | Zope Products.CMFCore before 2.5.1 and Products.PluggableAuthService before 2.6.2, as used in Plone through 5.2.4 and other products, allow Reflected XSS. | 2021-05-21 | 4.3 | CVE-2021-33507, MISC, MLIST
plone -- plone | Zope is an open-source web application server. In Zope versions prior to 4.6 and 5.2, users can access untrusted modules indirectly through Python modules that are available for direct use. By default, only users with the Manager role can add or edit Zope Page Templates through the web, but sites that allow untrusted users to add/edit Zope Page Templates through the web are at risk from this vulnerability. The problem has been fixed in Zope 5.2 and 4.6. As a workaround, a site administrator can restrict adding/editing Zope Page Templates through the web using the standard Zope user/role permission mechanisms. Untrusted users should not be assigned the Zope Manager role and adding/editing Zope Page Templates through the web should be restricted to trusted users only. | 2021-05-21 | 6.5 | CVE-2021-32633, MISC, CONFIRM, MLIST, MLIST
plone -- plone | Plone through 5.2.4 allows remote authenticated managers to conduct SSRF attacks via an event ical URL, to read one line of a file. | 2021-05-21 | 4 | CVE-2021-33510, MISC, MLIST
privoxy -- privoxy | A memory leak vulnerability was found in Privoxy before 3.0.29 in the show-status CGI handler when no action files are configured. | | 5 | CVE-2021-20209, MISC, MISC, MISC
putty -- putty | PuTTY before 0.75 on Windows allows remote servers to cause a denial of service (Windows GUI hang) by telling the PuTTY window to change its title repeatedly at high speed, which results in many SetWindowTextA or SetWindowTextW calls. NOTE: the same attack methodology may affect some OS-level GUIs on Linux or other platforms for similar reasons. | 2021-05-21 | 5 | CVE-2021-33500, MISC, MISC, MISC
redhat -- ansible | A flaw was found in OpenLDAP. This flaw allows an attacker who can send a malicious packet to be processed by OpenLDAP's slapd server, to trigger an assertion failure. The highest threat from this vulnerability is to system availability. | | 5 | CVE-2020-20178, MISC
solokeys -- solo_firmware | The flash read-out protection (RDP) level is not enforced during the device initialization phase of the SoloKeys Solo 4.0.0 & Somu and the Nitrokey FIDO2 token. This allows an adversary to downgrade the RDP level and access secrets such as private ECC keys from SRAM via the debug interface. | 2021-05-21 | 4.6 | CVE-2020-27208, MISC, MISC, MISC, MISC, MISC, MISC
synology -- diskstation_manager | This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Synology DiskStation [...] Netatalk. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12326. | 2021-05-21 | 5.8 | CVE-2021-31439, MISC, MISC
targetfirst -- watcheezy | The Target First WordPress Plugin v2.0, also previously known as Watcheezy, suffers from a critical unauthenticated stored XSS vulnerability. An attacker could change the licence key value through a POST on any URL with the 'weeWzKey' parameter that will be saved as the 'weeID' option and is not sanitized. | 2021-05-24 | 4.3 | CVE-2021-24305, MISC, CONFIRM
telop01_project -- telop01 | Reflected cross-site scripting vulnerability in the admin page of [Telop01] free edition ver1.0.1 and earlier allows a remote attacker to inject an arbitrary script via unspecified vectors. | 2021-05-24 | 4.3 | CVE-2021-20724, MISC, MISC
trailing-slash_project -- trailing-slash | The package trailing-slash before 2.0.1 are vulnerable to Open Redirect via the use of trailing double slashes in the URL when accessing the vulnerable endpoint (such as https://example.com//attacker.example/). The vulnerable code is in index.js::createTrailing(), as the web server uses relative URLs instead of absolute URLs. | 2021-05-24 | 5.8 | CVE-2021-23387, MISC, MISC, MISC
typora -- typora | Cross Site Scripting (XSS) in Typora v0.9.65 and earlier allows remote attackers to execute arbitrary code by injecting commands during block rendering of a mathematical formula. | 2021-05-26 | 4.3 | CVE-2020-18221
| On WAGO PFC200 devices in different firmware versions with special crafted packets an attacker with network access to the device could cause a denial of service for the login service of the runtime. | | 5 | CVE-2021-21000, CONFIRM
wago -- 750-823. firmware | On WAGO PFC200 devices in different firmware versions with special crafted packets an authorised attacker with network | 2021-05-24 | 4 | CVE-2021-21001
webfairy -- mediat | An issue was discovered in Mediat 1.4.1. There is a Reflected XSS vulnerability which allows remote attackers to inject arbitrary web script or HTML without authentication via the 'return' parameter in login.php. | | 4.3 | CVE-2021-30083, MISC
webmproject -- libwebp | A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ShiftBytes. The highest threat from this vulnerability is to data confidentiality and to the service availability. | | 4 | CVE-2018-25013, MISC
webmproject -- libwebp | A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ApplyFilter. The highest threat from this vulnerability is to data confidentiality and to the service availability. | | 6.4 | CVE-2018-25010, MISC
webmproject -- libwebp | A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ChunkVerifyAndAssign. The highest threat from this vulnerability is to data confidentiality and to the service availability. | | 8.4 | CVE-2020-36330, MISC
webmproject -- libwebp | A flaw was found in libwebp in versions before 1.0.1. When reading a file libwebp allocates an excessive amount of memory. The highest threat from this vulnerability is to the service availability. | | 5 | CVE-2020-36332, MISC
webmproject -- libwebp | A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ChunkAssignData. The highest threat from this vulnerability is to data confidentiality and to the service availability. | | 8.4 | CVE-2020-36331, MISC
webmproject -- libwebp | A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function WebPMuxCreateInternal. The highest threat from this vulnerability is to data confidentiality and to the service availability. | | 6.4 | CVE-2018-25012, MISC
webmproject -- libwebp | A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function WebPMuxCreateInternal. The highest threat from this vulnerability is to data confidentiality and to the service availability. | | 8.4 | CVE-2018-25009, MISC
zephyrproject -- zephyr | Missing Size Checks in Bluetooth HCI over SPI. Zephyr versions >= v1.14.2, >= v2.2.0 contain Improper Handling of Length Parameter Inconsistency (CWE-130). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hg2w-62p6-g67c | 2021-05-25 | 5.8 | CVE-2020-10065, MISC
zephyrproject -- zephyr | Type Confusion in 802154 ACK Frames Handling. Zephyr versions >= v2.4.0 contain NULL Pointer Dereference (CWE-476). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-27r3-rxch-2hm7 | | 5 | CVE-2021-3320, MISC
zephyrproject -- zephyr | Integer Overflow in memory allocating functions. Zephyr versions >= 1.14.2, >= 2.4.0 contain Integer Overflow or Wraparound (CWE-190). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-94vp-8gc2-rm45 | 2021-05-25 | 4.6 |
zephyrproject -- zephyr | Improper Handling of Insufficient Permissions or Privileges in zephyr. Zephyr versions >= v1.14.2, >= v2.2.0 contain Improper Handling of Insufficient Permissions or Privileges (CWE-280). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-vf79-hqwm-w4xc | 2021-05-25 | 4.6 | CVE-2020-10072, MISC
autoptimize -- autoptimize | The Autoptimize WordPress plugin before 2.8.4 was missing proper escaping and sanitisation in some of its settings, allowing high privilege users to set XSS payloads in them, leading to stored Cross-Site Scripting issues | 2021-05-24 | | CVE-2021-24332, CONFIRM, MISC
bluemedicinelabs -- hotjar_connecticator | The Hotjar Connecticator WordPress plugin through 1.1.1 is vulnerable to Stored Cross-Site Scripting (XSS) in the 'hotjar script' textarea. The request did include a CSRF nonce that was properly verified by the server and this vulnerability could only be exploited by administrator users. | 2021-05-24 | | CVE-2021-24301, CONFIRM
centreon -- centreon | Centreon version 20.10.2 is affected by a cross-site scripting (XSS) vulnerability. The dep_description (Dependency Description) and dep_name (Dependency Name) parameters are vulnerable to stored XSS. A user has to log in and go to the Configuration > Notifications > Hosts page. | 2021-05-26 | | CVE-2021-27676, MISC, MISC
from the backend, e.g., in admin/customers/list.html.
cisco -- evolved_programmable_network_manager | A vulnerability in the restricted shell of Cisco Evolved Programmable Network (EPN) Manager, Cisco Identity Services Engine (ISE), and Cisco Prime Infrastructure could allow an authenticated, local attacker to identify directories and write arbitrary files to the file system. This vulnerability is due to improper validation of parameters that are sent to a CLI command within the restricted shell. An attacker could exploit this vulnerability by logging in to the device and issuing certain CLI commands. A successful exploit could allow the attacker to identify file directories on the affected device and write arbitrary files to the file system on the affected device. To exploit this vulnerability, the attacker must be an authenticated shell user. | 2021-05-22 | 3.6 | CVE-2021-1306, CISCO
gowebsolutions -- wp_customer_reviews | The WP Customer Reviews WordPress plugin before 3.5.6 did not sanitise some of its settings, allowing high privilege users such as administrators to set XSS payloads in them which will then be triggered in pages where reviews are enabled | 2021-05-24 | 3.5 | CVE-2021-24296, CONFIRM
ibm -- security_guardium | IBM Security Guardium 11.2 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 195770. | 2021-05-24 | 2.1 | CVE-2021-20389, CONFIRM
| Keystone 5 is an open source CMS platform to build Node.js applications. This security advisory relates to a newly discovered capability in our query infrastructure to directly or indirectly expose the values of private fields, bypassing the configured access control. This is an access control related oracle attack in that the attack method guides an attacker during their attempt to reveal information they do not have access to. The complexity of completing the attack is limited by some length-dependent behaviors and the fidelity of the exposed information. Under some circumstances, field values or field value meta data can be determined, despite the field or list having 'read' access control configured. If you use private fields or lists, you may be impacted. No patches exist at this time. There are no workarounds at this time. | | 3.5 | CVE-2021-32624, CONFIRM
lifterlms -- lifterlms | The 'State' field of the Edit profile page of the LMS by LifterLMS — Online Course, Membership & Learning Management System Plugin for WordPress plugin before 4.21.1 is not properly sanitised when output in the About section of the profile page, leading to a stored Cross-Site Scripting issue. This could allow low privilege users (such as students) to elevate their privilege via an XSS attack when an admin will view their profile. | 2021-05-24 | | CONFIRM, MISC
neox -- hana_flv_player | The Hana Flv Player WordPress plugin through 3.1.3 is vulnerable to an Authenticated Stored Cross-Site Scripting (XSS) vulnerability within the 'Default Skin' field. | 2021-05-24 | 3.5 | CVE-2021-24302, CONFIRM
phpmywind -- phpmywind | Cross Site Scripting (XSS) in PHPMyWind v5.5 allows remote attackers to execute arbitrary code by injecting scripts into the parameter "$cfg_switchshow" of component " /admin/web_config.php". | | 3.8 | CVE-2020-18230, MISC
phpmywind -- phpmywind | Cross Site Scripting (XSS) in PHPMyWind v5.5 allows remote attackers to execute arbitrary code by injecting scripts into the parameter "$cfg_copyright" of component " /admin/web_config.php". | | 3.5 | CVE-2020-18229, MISC
plone -- plone | Plone through 5.2.4 allows stored XSS attacks (by a Contributor) by uploading an SVG or HTML document. | | | CVE-2021-33512, MISC, MLIST
plone -- plone | [...] XSS via the inline_diff methods in [...] | 2021-05-21 | 3.5 | CVE-2021-33513, MISC, MLIST
plone -- plone | Plone through 5.2.4 allows XSS via a full name that is mishandled during rendering of the ownership tab of a content item. | 2021-05-21 | 3.5 | CVE-2021-33508, MISC, MLIST
postbird_project -- postbird | Postbird 0.8.4 allows stored XSS via the onerror attribute of an IMG element in any PostgreSQL database table. This can result in reading local files via vectors involving XMLHttpRequest and open of a file:/// URL, or discovering PostgreSQL passwords via vectors involving Window.localStorage and savedConnections. | 2021-05-25 | 3.5 | MISC, MISC, MISC, MISC
shopizer -- shopizer | A stored cross-site scripting (XSS) vulnerability in Shopizer before 2.17.0 allows remote attackers to inject arbitrary web script or HTML via customer_name in various forms of store administration. It is saved in the database. The code is executed for any user of store administration when information is fetched | 2021-05-24 | | CVE-2021-33561, MISC, MISC, MISC
files in this directory structure, which creates a privilege-escalation
shopizer -- shopizer | A reflected cross-site scripting (XSS) vulnerability in Shopizer before 2.17.0 allows remote attackers to inject arbitrary web script or HTML via the ref parameter to a page about an arbitrary product, e.g., a product/insert-product-name-here.html/ref= URL. | | 3.5 | CVE-2021-33562, MISC, MISC, MISC
zephyrproject -- zephyr | Incorrect Error Handling in Bluetooth HCI core. Zephyr versions >= v1.14.2, >= v2.2.0 contain NULL Pointer Dereference (CWE-476). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-gc66-xfrc-24qr | | 3.3 | CVE-2020-10066, MISC
zephyrproject -- zephyr | Zephyr Bluetooth unchecked packet data results in denial of service. Zephyr versions >= v1.14.2, >= v2.2.0 contain Improper Handling of Parameters (CWE-233). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-f6vh-7v4x-8fjp | 2021-05-25 | 3.3 | CVE-2020-10069, MISC
zephyrproject -- zephyr | Remote Denial of Service in LwM2M do_write_op_tlv. Zephyr versions >= 1.14.2, >= 2.2.0 contain Improper Input Validation (CWE-20), Loop with Unreachable Exit Condition ('Infinite Loop') (CWE-835). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-g9mg-fj58-6fqh | | | CVE-2020-13602, MISC
Severity Not Yet Assigned 
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
101eip -- 101eip | Add event in calendar function in the 101EIP system does not filter special characters in specific fields, which allows remote authenticated users to inject JavaScript and perform a stored XSS attack. | 2021-05-28 | not yet calculated | CVE-2021-32539, CONFIRM
101eip -- 101eip | Add announcement function in the 101EIP system does not filter special characters, which allows authenticated users to inject JavaScript and perform a stored XSS attack. | 2021-05-28 | not yet calculated |
1cdn -- 1cdn | 1CDN is open-source file sharing software. In 1CDN before commit f88a2730fa50fc2c2aeab09011f6f142fd90ec25, there is a basic cross-site scripting vulnerability that allows an attacker to inject /<script>//code</script> and execute JavaScript code on the client side. | 2021-05-28 | not yet calculated | CVE-2021-32616, CONFIRM, MISC
3scale -- dev_portal | 3scale dev portal login form does not verify CSRF token, and so does not protect against login CSRF. | 2021-05-26 | not yet calculated | MISC
| Local File Inclusion vulnerability in Ab Initio Control>Center before 4.0.2.6 allows remote attackers to retrieve arbitrary files. Fixed in v4.0.2.6 and v4.0.3.1. | 2021-05-27 | not yet calculated |
acronis -- true_image | An issue was discovered in Acronis True Image 2020 24.5.22510. anti_ransomware_service.exe includes functionality to quarantine files by copying a suspected ransomware file from one directory to another using SYSTEM privileges. Because unprivileged users have write permissions in the quarantine folder, it is possible to control this privileged write with a hardlink. This means that an unprivileged user can write/overwrite arbitrary files in arbitrary folders. Escalating privileges to SYSTEM is trivial with arbitrary writes. While the quarantine feature is not enabled by default, it can be forced to copy the file to the quarantine by communicating with anti_ransomware_service.exe through its REST API. | 2021-05-25 | not yet calculated | MISC, MISC
acronis -- true_image | An issue was discovered in Acronis True Image 2020 24.5.22510. anti_ransomware_service.exe keeps a log in a folder where unprivileged users have write permissions. The logs are generated in a predictable pattern, allowing an unprivileged user to create a hardlink from a (not yet created) log file to anti_ransomware_service.exe. On reboot, this forces the anti_ransomware_service to try to write its log into its own process, crashing in a SHARING VIOLATION. This crash occurs on every reboot. | 2021-05-25 | not yet calculated | CVE-2020-9451, MISC, MISC
adobe -- coldfusion | The Adobe ColdFusion installer fails to set a secure access-control list (ACL) on the default installation directory, such as C:\ColdFusion2021\. By default, unprivileged users can create | 2021-05-27 | not yet calculated |
A flaw was found in ansible module where credentials are CVE-2021-20178 
disclosed in the console log by default and not protected by the MISC 


security feature when using the bitbucket_pipeline_variable 
module. This flaw allows an attacker to steal bitbucket_pipeline 
credentials. The highest threat from this vulnerability is to 
confidentiality. 


A flaw was found in ansible. Credentials, such as secrets, are 
being disclosed in console log by default and not protected by 
ansible -- ansible no_log feature when using those modules. An attacker can take 
advantage of this information to steal those credentials. The 
highest threat from this vulnerability is to data confidentiality. 
Versions before ansible 2.9.18 are affected. 


A flaw was found in Ansible Tower when running jobs. This flaw 
allows an attacker to access the stdout of the executed jobs which 
are run from other organizations. Some sensible data can be 
disclosed. However, critical data should not be disclosed, as it 
should be protected by the no_log flag when debugging is 
enabled. This flaw affects Ansible Tower versions before 3.6.4, 
Ansible Tower versions before 3.5.6 and Ansible Tower versions 
before 3.4.6. 


A security flaw was found in Ansible Tower when requesting an 
OAuth2 token with an OAuth2 application. Ansible Tower uses the 
token to provide authentication. This flaw allows an attacker to 
ansible -- tower obtain a refresh token that does not expire. The original token 
granted to the user still has access to Ansible Tower, which allows 
any user that can gain access to the token to be fully 
authenticated to Ansible Tower. This flaw affects Ansible Tower 
versions before 3.6.4 and Ansible Tower versions before 3.5.6. 


A flaw was found in the use of insufficiently random values in 
Ansible. Two random password lookups of the same length 
ansible -- tower generate the equal value as the template caching action for the 
same file since no re-evaluation happens. The highest threat from 
this vulnerability would be that all passwords are exposed at once 
for the file. This flaw affects Ansible Engine versions before 2.9.6. 


A flaw was found in Ansible Tower when running Openshift. Tower 
runs a memcached, which is accessed via TCP. An attacker can 
take advantage of writing a playbook polluting this cache, causing 
a denial of service attack. This attack would not completely stop 
the service, but in the worst-case scenario, it can reduce the 
Tower performance, for which memcached is designed. 
Theoretically, more sophisticated attacks can be performed by 
manipulating and crafting the cache, as Tower relies on 
memcached as a place to pull out setting values. Confidential and 
sensitive data stored in memcached should not be pulled, as this 
information is encrypted. This flaw affects Ansible Tower versions 
before 3.6.4, Ansible Tower versions before 3.5.6 and Ansible 
Tower versions before 3.4.6. 

2021-05-27


ansible -- tower

A Server-side request forgery (SSRF) flaw was found in Ansible 
Tower in versions before 3.6.5 and before 3.7.2. Functionality on 
the Tower server is abused by supplying a URL that could lead to 
the server processing it. This flaw leads to the connection to 
internal services or the exposure of additional internal services by 
abusing the test feature of lookup credentials to forge 
HTTP/HTTPS requests from the server and retrieving the results 
of the response. 

not yet calculated
FEDORA
FEDORA
MISC
MISC

ansible -- ansible
2021-05-26

2021-05-26
not yet calculated
CVE-2021-20191
MISC

2021-05-27
not yet calculated
CVE-2020-10698
MISC

ansible -- tower

2021-05-27
not yet calculated
CVE-2020-10709
MISC

not yet calculated
CVE-2020-10729
MISC
MISC

ansible -- tower

not yet calculated
CVE-2020-10697
MISC

not yet calculated
CVE-2020-14327
MISC

ansible -- tower

A flaw was found in Ansible Tower in versions before 3.7.2. A 
Server Side Request Forgery flaw can be abused by supplying a 
URL which could lead to the server processing it connecting to 
internal services or exposing additional internal services and more 
particularly retrieving full details in case of error. The highest 
threat from this vulnerability is to data confidentiality. 

2021-05-27
not yet calculated
CVE-2020-14328
MISC

ansible -- tower

A data exposure flaw was found in Ansible Tower in versions 
before 3.7.2, where sensitive data can be exposed from the 
/api/v2/labels/ endpoint. This flaw allows users from other 
organizations in the system to retrieve any label from the 
organization and also disclose organization names. The highest 
threat from this vulnerability is to confidentiality. 

2021-05-27
not yet calculated
CVE-2020-14329
MISC

apache -- fineract

Apache Fineract prior to 1.5.0 disables HTTPS hostname 
verification in ProcessorHelper in the configureClient method. 
Under typical deployments, a man in the middle attack could be 
successful. 

2021-05-27
not yet calculated
CVE-2020-17514
CONFIRM
MLIST
MLIST

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info

apache -- pulsar

If Apache Pulsar is configured to authenticate clients using tokens 
based on JSON Web Tokens (JWT), the signature of the token is 
not validated if the algorithm of the presented token is set to 
"none". This allows an attacker to connect to Pulsar instances as 
any user (incl. admins). 

2021-05-26
not yet calculated
CVE-2021-22160
MISC
MLIST
MLIST
MLIST
MLIST
MLIST
MLIST
MLIST

apache -- wicket

A DNS proxy and possible amplification attack vulnerability in 
WebClientInfo of Apache Wicket allows an attacker to trigger 
arbitrary DNS lookups from the server when the X-Forwarded-For 
header is not properly sanitized. This DNS lookup can be 
engineered to overload an internal DNS server or to slow down 
request processing of the Apache Wicket application, causing a 
possible denial of service on either the internal infrastructure or 
the web application itself. This issue affects Apache Wicket 9.x 
version 9.2.0 and prior versions; Apache Wicket 8.x version 8.11.0 
and prior versions; Apache Wicket 7.x version 7.17.0 and prior 
versions and Apache Wicket 6.x version 6.2.0 and later versions. 

2021-05-25
not yet calculated
MLIST
MLIST
MLIST

apple -- macos

Private Tunnel installer for macOS version 3.0.1 and older 
versions may corrupt system critical files it should not have access 
via symlinks in /tmp. 

2021-05-26
not yet calculated

arm -- trusted_firmware

In Arm Trusted Firmware M through 1.2, the NS world may trigger 
a system halt, an overwrite of secure data, or the printing out of 
secure data when calling secure functions under the NSPE 
handler mode. 

2021-05-25
not yet calculated
CVE-2021-27562
MISC
CONFIRM

The elliptic curve cryptography (ECC) hardware accelerator, part 
of the ARM® TrustZone® CryptoCell 310, contained in the 
NordicSemiconductor nRF52840 through 2021-03-29 has a 
non-constant time ECDSA implementation. This allows an adversary to 
recover the private ECC key used during an ECDSA operation. 

2021-05-21
not yet calculated
MISC
MISC

authelia -- authelia

Authelia is a single sign-on multi-factor portal for web apps. This 
affects users who are using nginx ngx_http_auth_request_module 
with Authelia, it allows a malicious individual who crafts a 
malformed HTTP request to bypass the authentication 
mechanism. It additionally could theoretically affect other proxy 
servers, but all of the ones we officially support except nginx do 
not allow malformed URI paths. The problem is rectified entirely in 
4.29.3. As this patch is relatively straightforward we can back 
port this to any version upon request. Alternatively we are 
supplying a git patch to 4.25.1 which should be relatively 
straightforward to apply to any version, the git patches for specific 
versions can be found in the references. The most relevant 
workaround is upgrading. You can also add a block which fails 
requests that contain a malformed URI in the internal location 
block. 

2021-05-28
not yet calculated
CVE-2021-32637
CONFIRM
MISC

autodesk_licensing_services -- autodesk_licensing_services

Autodesk Licensing Services was found to be vulnerable to 
privilege escalation issues. A limited privileges malicious user 
could run any number of tools on a system to identify services 
which are configured with weak permissions and are running 
under elevated privileges. These weak permissions could allow all 
users on the operating system to modify the service configuration, 
and take ownership of the service. This issue was found by an 
external security researcher. 

2021-05-28
not yet calculated
CVE-2021-27032
MISC
MISC

binutils -- objdump

An out of bounds flaw was found in GNU binutils objdump utility 
version 2.36. An attacker could use this flaw and pass a large 
section to avr_elf32_load_records_from_section() probably 
resulting in a crash or in some cases memory corruption. The 
highest threat from this vulnerability is to integrity as well as 
system availability. 

2021-05-26
not yet calculated
CVE-2021-3549
MISC

bifrost -- multiple_products

The Arm Mali GPU kernel driver allows an unprivileged user to 
achieve access to freed memory, leading to information disclosure 
or root privilege escalation. This affects Bifrost r16p0 through 
r29p0 before r30p0, Valhall r19p0 through r29p0 before r30p0, 
and Midgard r28p0 through r30p0. 

2021-05-24
not yet calculated

bluetooth_sig -- bluetooth_core_specification

Bluetooth legacy BR/EDR PIN code pairing in Bluetooth Core 
Specification 1.0B through 5.2 may permit an unauthenticated 
nearby device to spoof the BD_ADDR of the peer device to 
complete pairing without knowledge of the PIN. 

2021-05-24
not yet calculated
CVE-2020-26555
MISC
MISC
FEDORA

bluetooth_sig -- bluetooth_core_specification

Bluetooth LE and BR/EDR secure pairing in Bluetooth Core 
Specification 2.1 through 5.2 may permit a nearby man-in-the-middle 
attacker to identify the Passkey used during pairing (in the 
Passkey authentication procedure) by reflection of the public key 
and the authentication evidence of the initiating device, potentially 
permitting this attacker to complete authenticated pairing with the 
responding device using the correct Passkey for the pairing 
session. The attack methodology determines the Passkey value 
one bit at a time. 

2021-05-24
not yet calculated
MISC
FEDORA

bluetooth_sig -- bluetooth_mesh

Mesh Provisioning in the Bluetooth Mesh profile 1.0 and 1.0.1 may 
permit a nearby device, able to conduct a successful brute-force 
attack on an insufficiently random AuthValue before the 
provisioning procedure times out, to complete authentication by 
leveraging Malleable Commitment. 

2021-05-24
not yet calculated
CVE-2020-26556
MISC
MISC

bluetooth_sig -- bluetooth_mesh

Mesh Provisioning in the Bluetooth Mesh profile 1.0 and 1.0.1 may 
permit a nearby device (without possession of the AuthValue used 
in the provisioning protocol) to determine the AuthValue via a 
brute-force attack (unless the AuthValue is sufficiently random and 
changed each time). 

2021-05-24
not yet calculated
CVE-2020-26557
MISC
MISC

bluetooth_sig -- bluetooth_mesh

Bluetooth Mesh Provisioning in the Bluetooth Mesh profile 1.0 and 
1.0.1 may permit a nearby device (participating in the provisioning 
protocol) to identify the AuthValue used given the Provisioner’s 
public key, and the confirmation number and nonce provided by 
the provisioning device. This could permit a device without the 
AuthValue to complete provisioning without brute-forcing the 
AuthValue. 

2021-05-24
not yet calculated
CVE-2020-26559
MISC
MISC

bluetooth_sig -- bluetooth_mesh

Bluetooth Mesh Provisioning in the Bluetooth Mesh profile 1.0 and 
1.0.1 may permit a nearby device, reflecting the authentication 
evidence from a Provisioner, to complete authentication without 
possessing the AuthValue, and potentially acquire a NetKey and 
AppKey. 

2021-05-24
not yet calculated
CVE-2020-26560
MISC
MISC

boa -- boa

Boa 0.94.13 allows remote attackers to obtain sensitive 
information via a misconfiguration involving backup.html, 
preview.html, js/log.js, log.html, email.html, online-users.html, and 
config.js. 

2021-05-27
not yet calculated
MISC

bytecode_alliance -- cranelift 


Cranelift is an open-source code generator maintained by 
Bytecode Alliance. It translates a target-independent intermediate 
representation into executable machine code. There is a bug in 
0.73 of the Cranelift x64 backend that can create a scenario that 
could result in a potential sandbox escape in a Wasm program. 
This bug was introduced in the new backend on 2020-09-08 and 
first included in a release on 2020-09-30, but the new backend 
was not the default prior to 0.73. The recently-released version 
0.73 with default settings, and prior versions with an explicit build 
flag to select the new backend, are vulnerable. The bug in 
question performs a sign-extend instead of a zero-extend on a 
value loaded from the stack, under a specific set of 
circumstances. If those circumstances occur, the bug could allow 
access to memory addresses up to 2GiB before the start of the 
Wasm program heap. If the heap bound is larger than 2GiB, then 
it would be possible to read memory from a computable range 
dependent on the size of the heap's bound. The impact of this bug 
is highly dependent on heap implementation, specifically: * if the 
heap has bounds checks, and * does not rely exclusively on guard 
pages, and * the heap bound is 2GiB or smaller * then this bug 
cannot be used to reach memory from another Wasm program 
heap. The impact of the vulnerability is mitigated if there is no 
memory mapped in the range accessible using this bug, for 
example, if there is a 2 GiB guard region before the Wasm 
program heap. The bug in question performs a sign-extend 
instead of a zero-extend on a value loaded from the stack, when 
the register allocator reloads a spilled integer value narrower than 
64 bits. This interacts poorly with another optimization: the 
instruction selector elides a 32-to-64-bit zero-extend operator 
when we know that an instruction producing a 32-bit value actually 
zeros the upper 32 bits of its destination register. Hence, we rely 
on these zeroed bits, but the type of the value is still i32, and the 
spill/reload reconstitutes those bits as the sign extension of the 
i32’s MSB. The issue would thus occur when: * An i32 value in a 
Wasm program is greater than or equal to 0x8000_0000; * The 
value is spilled and reloaded by the register allocator due to high 
register pressure in the program between the value’s definition 
and its use; * The value is produced by an instruction that we 
know to be “special” in that it zeroes the upper 32 bits of its 
destination: add, sub, mul, and, or; * The value is then zero- 
extended to 64 bits in the Wasm program; * The resulting 64-bit 
value is used. Under these circumstances there is a potential 
sandbox escape when the i32 value is a pointer. The usual code 
emitted for heap accesses zero-extends the Wasm heap address, 
adds it to a 64-bit heap base, and accesses the resulting address. 
If the zero-extend becomes a sign-extend, the program could 
reach backward and access memory up to 2GiB before the start of 
its heap. In addition to assessing the nature of the code 
generation bug in Cranelift, we have also determined that under 
specific circumstances, both Lucet and Wasmtime using this 
version of Cranelift may be exploitable. See referenced GitHub 
Advisory for more details. 


2021-05-24
not yet calculated
CVE-2021-32629
MISC
CONFIRM
MISC
MISC

ceph-ansible -- playbook 

A flaw was found in the ceph-ansible playbook where it contained 
hardcoded passwords that were being used as default passwords 
while deploying Ceph services. Any authenticated attacker can 
abuse this flaw to brute-force Ceph deployments, and gain 
administrator access to Ceph clusters via the Ceph dashboard to 
initiate read, write, and delete Ceph clusters and also modify Ceph 
cluster configurations. Versions before ceph-ansible 6.0.0alpha1 
are affected. 

2021-05-28
not yet calculated
CVE-2020-1716
MISC

cesanta -- mjs 

Stack overflow vulnerability in parse_equality Cesanta MJS 
1.20.1, allows remote attackers to cause a Denial of Service 
(DoS) via a crafted file. 

2021-05-28
not yet calculated
CVE-2020-36375
MISC

cesanta -- mjs 

Stack overflow vulnerability in parse_comparison Cesanta MJS 
1.20.1, allows remote attackers to cause a Denial of Service 
(DoS) via a crafted file. 

2021-05-28
not yet calculated
CVE-2020-36374
MISC

cesanta -- mjs 

Stack overflow vulnerability in parse_plus_minus Cesanta MJS 
1.20.1, allows remote attackers to cause a Denial of Service 
(DoS) via a crafted file. 

2021-05-28
not yet calculated
CVE-2020-36372
MISC

cesanta -- mjs 

Stack overflow vulnerability in parse_mul_div_rem Cesanta MJS 
1.20.1, allows remote attackers to cause a Denial of Service 
(DoS) via a crafted file. 

2021-05-28
not yet calculated
CVE-2020-36371
MISC

cesanta -- mjs 

Stack overflow vulnerability in parse_unary Cesanta MJS 1.20.1, 
allows remote attackers to cause a Denial of Service (DoS) via a 
crafted file. 

2021-05-28
not yet calculated
CVE-2020-36370
MISC

6/1/2021 Vulnerability Summary for the Week of May 24, 2021 

cesanta -- mjs

Stack overflow vulnerability in parse_statement_list Cesanta MJS 
1.20.1, allows remote attackers to cause a Denial of Service 
(DoS) via a crafted file. 

2021-05-28
not yet calculated

cesanta -- mjs

Stack overflow vulnerability in parse_statement Cesanta MJS 
1.20.1, allows remote attackers to cause a Denial of Service 
(DoS) via a crafted file. 

2021-05-28
not yet calculated

cesanta -- mjs

Stack overflow vulnerability in parse_array Cesanta MJS 1.20.1, 
allows remote attackers to cause a Denial of Service (DoS) via a 
crafted file. 

2021-05-28
not yet calculated
MISC

cesanta -- mjs

Stack overflow vulnerability in parse_shifts Cesanta MJS 1.20.1, 
allows remote attackers to cause a Denial of Service (DoS) via a 
crafted file. 

2021-05-28
not yet calculated
MISC

cesanta -- mjs

Stack overflow vulnerability in parse_block Cesanta MJS 1.20.1, 
allows remote attackers to cause a Denial of Service (DoS) via a 
crafted file. 

2021-05-28
not yet calculated
MISC

cesanta -- mjs

Stack overflow vulnerability in parse_value Cesanta MJS 1.20.1, 
allows remote attackers to cause a Denial of Service (DoS) via a 
crafted file. 

2021-05-28
not yet calculated
MISC

chach20-poly1305 -- chacha20-poly1305

A flaw was found in the way CHACHA20-POLY1305 was 
implemented in NSS in versions before 3.55. When using 
multi-part Chacha20, it could cause out-of-bounds reads. This issue 
was fixed by explicitly disabling multi-part ChaCha20 (which was 
not functioning correctly) and strictly enforcing tag length. The 
highest threat from this vulnerability is to confidentiality and 
system availability. 

2021-05-27
not yet calculated
CVE-2020-12403
MISC
MISC

checkbox -- survey

Deserialization of Untrusted Data vulnerability in CheckboxWeb.dll 
of Checkbox Survey allows an unauthenticated remote attacker to 
execute arbitrary code. This issue affects: Checkbox Survey 
versions prior to 7. 

2021-05-27
not yet calculated
CVE-2021-27852
MISC

citrix -- sharefile_storage_zones_controller

A missing authorization vulnerability exists in Citrix ShareFile 
Storage Zones Controller before 5.7.3, 5.8.3, 5.9.3, 5.10.1 and 
5.11.18 may allow unauthenticated remote compromise of the 
Storage Zones Controller. 

2021-05-27
not yet calculated
CVE-2021-22891
MISC

citrix -- workspace_app

An improper access control vulnerability exists in Citrix Workspace 
App for Windows potentially allows privilege escalation in CR 
versions prior to 2105 and 1912 LTSR prior to CU4. 

2021-05-27
not yet calculated

couchebase -- server

An issue was discovered in Couchbase Server 5.x and 6.x before 
6.5.2 and 6.6.x before 6.6.2. Internal users with administrator 
privileges, @cbq-engine-cbauth and @index-cbauth, leak 
credentials in cleartext in the indexer.log file when they make a 
/listCreateTokens, /listRebalanceTokens, or /listMetadataTokens 
call. 

2021-05-26
not yet calculated
CVE-2021-25643
MISC

covid19_testing_management_system -- covid19_testing_management_system

COVID19 Testing Management System 1.0 is vulnerable to SQL 
injection via the admin panel. 

2021-05-26
not yet calculated
MISC
MISC

covid19_testing_management_system -- covid19_testing_management_system

COVID19 Testing Management System 1.0 is vulnerable to Cross 
Site Scripting (XSS) via the "Admin name" parameter. 

2021-05-26
not yet calculated
MISC

css-what -- css-what

The css-what package before 5.0.1 for Node.js does not ensure 
that attribute parsing has Linear Time Complexity relative to the 
size of the input. 

2021-05-28
not yet calculated
MISC

cts -- web_trading_system

The parameters of the specific functions in the CTS Web trading 
system do not filter special characters, which allows 
unauthenticated attackers to remotely perform reflected XSS 
and obtain the users’ connection token that triggered the attack. 

2021-05-28
not yet calculated
CVE-2021-32542
CONFIRM

cts -- web_transaction_system

The CTS Web transaction system related to authentication 
management is implemented incorrectly. After login, remote 
attackers can manipulate cookies to access other accounts and 
trade in the stock market with spoofed identity. 

2021-05-28
not yet calculated
CVE-2021-32543
CONFIRM

cts -- web_transaction_system

The CTS Web transaction system related to authentication and 
session management is implemented incorrectly, which allows 
remote unauthenticated attackers to send a large number of 
valid usernames and force those logged-in accounts to log out, 
causing the user to be unable to access the services. 

2021-05-28
not yet calculated

cubecart -- cubecart

Cubecart 6.4.2 allows Session Fixation. The application does not 
generate a new session cookie after the user is logged in. A 
malicious user is able to create a new session cookie value and 
inject it to a victim. After the victim logs in, the injected cookie 
becomes valid, giving the attacker access to the user's account 
through the active session. 

2021-05-27
not yet calculated
MISC

datakit_software -- multiple_products

Datakit Software libraries CatiaV5_3dRead, CatiaV6_3dRead, 
Step3dRead, Ug3dReadPsr, Jt3dReadPsr modules in KeyShot 
Versions v10.1 and prior lack proper validation of user-supplied 
data when parsing PRT files. This could lead to pointer 
dereferences of a value obtained from an untrusted source. An 
attacker could leverage this vulnerability to execute code in the 
context of the current process. 

2021-05-27
not yet calculated
CVE-2021-27496
CONFIRM
MISC
MISC

datakit_software -- multiple_products

Datakit Software libraries CatiaV5_3dRead, CatiaV6_3dRead, 
Step3dRead, Ug3dReadPsr, Jt3dReadPsr modules in KeyShot 
Versions v10.1 and prior lack proper validation of user-supplied 
data when parsing STP files. This could result in a stack-based 
buffer overflow. An attacker could leverage this vulnerability to 
execute code in the context of the current process. 

2021-05-27
not yet calculated
CVE-2021-27494
CONFIRM
MISC
MISC

datakit_software -- multiple_products

Datakit Software libraries CatiaV5_3dRead, CatiaV6_3dRead, 
Step3dRead, Ug3dReadPsr, Jt3dReadPsr modules in KeyShot 
Versions v10.1 and prior lack proper validation of user-supplied 
data when parsing CATPart files. This could result in an 
out-of-bounds write past the end of an allocated structure. An attacker 
could leverage this vulnerability to execute code in the context of 
the current process. 

2021-05-27
not yet calculated
CVE-2021-27488
CONFIRM
MISC
MISC

datakit_software -- multiple_products

Datakit Software libraries CatiaV5_3dRead, CatiaV6_3dRead, 
Step3dRead, Ug3dReadPsr, Jt3dReadPsr modules in KeyShot 
Versions v10.1 and prior are vulnerable to an out-of-bounds read, 
which may allow an attacker to execute arbitrary code. 

2021-05-27
not yet calculated
CVE-2021-27490
CONFIRM
MISC
MISC

datakit_software -- multiple_products

When opening a specially crafted 3DXML file, the application 
containing Datakit Software libraries CatiaV5_3dRead, 
CatiaV6_3dRead, Step3dRead, Ug3dReadPsr, Jt3dReadPsr 
modules in KeyShot Versions v10.1 and prior could disclose 
arbitrary files to remote attackers. This is because of the passing 
of specially crafted content to the underlying XML parser without 
taking proper restrictions such as prohibiting an external DTD. 

2021-05-27
not yet calculated
CVE-2021-27492
CONFIRM
MISC
MISC

dmg2img -- dmg2img

A flaw was found in dmg2img through 20170502. fill_mishblk() 
does not check the length of the read buffer, and copies 0xCC bytes 
from it. The length of the buffer is controlled by an attacker. By 
providing a length smaller than 0xCC, memcpy reaches out of the 
malloc'ed bound. This possibly leads to memory layout information 
leaking in the data. This might be used in a chain of vulnerability in 
order to reach code execution. 

2021-05-26
not yet calculated

dmg2img -- dmg2img

A flaw was found in dmg2img through 20170502. dmg2img did not 
validate the size of the read buffer during memcpy() inside the 
main() function. This possibly leads to memory layout information 
leaking in the data. This might be used in a chain of vulnerability in 
order to reach code execution. 

2021-05-26
not yet calculated

dragonfly -- dragonfly

An argument injection vulnerability in the Dragonfly gem before 
1.4.0 for Ruby allows remote attackers to read and write to 
arbitrary files via a crafted URL when the verify_url option is 
disabled. This may lead to code execution. The problem occurs 
because the generate and process features mishandle use of the 
ImageMagick convert utility. 

2021-05-29
not yet calculated
MISC
MISC
MISC
MISC
MISC

edgemax -- edgerouter

A vulnerability found in EdgeMAX EdgeRouter V2.0.9 and earlier 
could allow a malicious actor to execute a man-in-the-middle 
(MitM) attack during a firmware update. This vulnerability is fixed 
in EdgeMAX EdgeRouter V2.0.9-hotfix.1 and later. 

2021-05-27
not yet calculated
CVE-2021-22909
MISC

### Impact _What kind of vulnerability is it? Who is impacted?_ 
The vulnerable component could be crashed when the 
configuration file is intentionally/ unintentionally containing the 
special characters. All the applications which are using could fail 
to generate their dlt logs in system. ### Patches _Has the 
problem been patched? What versions should users upgrade to?_ 
There is solution for the problem but the patch is not integrated 
yet. ### Workarounds _Is there a way for users to fix or remediate 
the vulnerability without upgrading?_ Check the integrity of 
information in configuration file manually. ### References _Are 
there any links users can visit to find out more?_ N/A ### For 
more information If you have any questions or comments about 
this advisory: * Open an issue in [GENIVI/dlt-daemon] 
(https://github.com/GENIVI/dlt-daemon/issues) * Email us at 
[Mailinglist](mailto:https://lists.genivi.org/mailman/listinfo/genivi-diagnostic-log-and-trace_lists.genivi.org) 

2021-05-28
not yet calculated
CVE-2021-29507
CONFIRM

envoy -- envoy 

### Impact The vulnerability may allow a remote attacker has 
sufficient rights to execute commands of the host only by 
manipulating the processed input stream. No user is affected, who 
followed the recommendation to setup XStream's security 
framework with a whitelist limited to the minimal required types. 
### Patches If you rely on XStream's default blacklist of the 
Security Framework, you will have to use at least version 1.4.17. 
### Workarounds See 
[workarounds](https://x-stream.github.io/security.html#workaround) 
for the different versions covering all CVEs. #### References See 
full information about the nature of the vulnerability and the steps 
to reproduce it in XStream's documentation for 
[CVE-2021-xxxxx](https://x-stream.github.io/CVE-2021-xxxxx.html). 
### Credits V3geB1rd, 
white hat hacker from Tencent Security Response Center found 
and reported the issue to XStream and provided the required 
information to reproduce it. ### For more information If you have 
any questions or comments about this advisory: * Open an issue 
in [XStream](https://github.com/x-stream/xstream/issues) * Email 
us at [XStream Google Group] 
(https://groups.google.com/group/xstream-user) 


2021-05-28
not yet calculated
CVE-2021-29505
CONFIRM

envoy -- envoy 

### Description Envoy does not decode escaped slash 
sequences `%2F` and `%5C` in HTTP URL paths in versions 
1.18.2 and before. A remote attacker may craft a path with 
escaped slashes, e.g. `/something%2F..%2Fadmin`, to bypass 
access control, e.g. a block on `/admin`. A backend server could 
then decode slash sequences and normalize path and provide an 
attacker access beyond the scope provided for by the access 
control policy. ### Impact Escalation of Privileges when using 
RBAC or JWT filters with enforcement based on URL path. Users 
with back end servers that interpret `%2F` and `/` and `%5C` and `\` 
interchangeably are impacted. ### Attack Vector URL paths 
containing escaped slash characters delivered by untrusted client. 
### Patches Envoy versions 1.18.3, 1.17.3, 1.16.4, 1.15.5 contain 
new path normalization option to decode escaped slash 
characters. ### Workarounds If back end servers treat `%2F` and 
`/` and `%5C` and `\` interchangeably and a URL path based 
access control is configured, we recommend reconfiguring back 
end server to not treat `%2F` and `/` and `%5C` and `\` 
interchangeably if feasible. ### Credit Ruilin Yang 
(ruilin.yri'@gmail.com) ### References https://blog.envoyproxy.io 
https://github.com/envoyproxy/envoy/releases ### For more 
information If you have any questions or comments about this 
advisory: * Open an issue in [Envoy repo] 
(https://github.com/envoyproxy/envoy/issues) * Email us at 
[envoy-security](mailto:envoy-security@googlegroups.com) 


2021-05-28
not yet calculated
CVE-2021-29492
CONFIRM

ettercap -- ettercap 

The gtkui_conf_read function in src/interfaces/gtk/ec_gtk_conf.c in 
Ettercap 0.7.3, when the GTK interface is used, does not ensure 
that the contents of the .ettercap_gtk file are controlled by the root 
user, which allows local users to conduct stack-based buffer 
overflow attacks and possibly execute arbitrary code, cause a 
denial of service (memory consumption), or possibly have 
unspecified other impact via crafted lines in this file. 


2021-05-28
not yet calculated
CVE-2010-3843
MISC
MISC
MISC
MISC
MISC
MISC
MISC

fc5 -- fc5 

Mounting /proc filesystem via chroot command silently mounts it in 
read-write mode. The user could bypass the chroot environment 
and gain write access to files he would never have otherwise. 

2021-05-27
not yet calculated
CVE-2008-2544
MISC

ffmpeg -- ffmpeg 

A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 at 
libavfilter/vf_edgedetect.c in gaussian_blur, which might lead to 
memory corruption and other potential consequences. 

2021-05-27
not yet calculated
CVE-2020-22032
MISC

submitting 127.0.0.1 multiple times for DoS. 

ffmpeg -- ffmpeg

Buffer Overflow vulnerability in FFmpeg 4.2 at convolution_y_10bit 
in libavfilter/vf_vmafmotion.c, which could let a remote malicious 
user cause a Denial of Service. 

2021-05-26
not yet calculated

ffmpeg -- ffmpeg

A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 in 
deflate16 at libavfilter/vf_neighbor.c, which might lead to memory 
corruption and other potential consequences. 

2021-05-27
not yet calculated
CVE-2020-22027
MISC
MISC

ffmpeg -- ffmpeg

A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 
in filter_frame at libavfilter/vf_bitplanenoise.c, which might lead to 
memory corruption and other potential consequences. 

2021-05-27
not yet calculated

ffmpeg -- ffmpeg

A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 
at ff_fill_rectangle in libavfilter/drawutils.c, which might lead to 
memory corruption and other potential consequences. 

2021-05-27
not yet calculated

ffmpeg -- ffmpeg

Buffer Overflow vulnerability in FFmpeg 4.2 at the lagfun_frame16 
function in libavfilter/vf_lagfun.c, which could let a remote 
malicious user cause Denial of Service. 

2021-05-26
not yet calculated

ffmpeg -- ffmpeg

Buffer Overflow vulnerability in FFmpeg 4.2 in the build_diff_map 
function in libavfilter/vf_fieldmatch.c, which could let a remote 
malicious user cause a Denial of Service. 

2021-05-26
not yet calculated
CVE-2020-22020
MISC
MISC

ffmpeg -- ffmpeg

Buffer Overflow vulnerability in FFmpeg 4.2 at filter_edges 
function in libavfilter/vf_yadif.c, which could let a remote malicious 
user cause a Denial of Service. 

2021-05-26
not yet calculated

ffmpeg -- ffmpeg

A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 
in filter_frame at libavfilter/vf_fieldorder.c, which might lead to 
memory corruption and other potential consequences. 

2021-05-27
not yet calculated

ffmpeg -- ffmpeg

Buffer Overflow vulnerability exists in FFmpeg 4.2 in the 
config_input function at libavfilter/af_tremolo.c, which could let a 
remote malicious user cause a Denial of Service. 

2021-05-26
not yet calculated

ffmpeg -- ffmpeg

A heap-based Buffer Overflow vulnerability exists in gaussian_blur 
at libavfilter/vf_edgedetect.c, which might lead to memory 
corruption and other potential consequences. 

2021-05-27
not yet calculated

Buffer Overflow vulnerability in FFmpeg 4.2 in 
mov_write_video_tag due to the out of bounds in 
fimpeg -- fimpeg libavformat/movenc.c, which could let a remote malicious user 2021-05-26 aia oo 
obtain sensitive information, cause a Denial of Service, or execute (panna 
arbitrary code. 
Buffer Overflow vulnerability exists in FFmpeg 4.2 in 
apes =iripeg filter_vertically_8 at libavflter/vf_avgblur.c, which could cause a |) 2021-05-26 || "OLYet Er ane! 
remote Denial of Service. inicciadaie 
A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 CVE-2020-22029 
ffmpeg -- ffmpeg at libavfilter/vf_colorconstancy.c: in slice_get_derivative, which 2021-05-27 not yet MISC... 
crossfade_samples_fltp, which might lead to memory corruption calculated MISC 
and other potential consequences. = 
A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 
fimpeg — fimpeg at libavfilter/af_afade.c in crossfade_samples_fitp, which might |} 2021-05-27 || "ot yet | oo 
lead to memory corruption and other potential consequences. fener 
A Heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 CVE-2020-22031 
fimpeg — fimpeg at libavfilter/vf_w3fdif.c in filter16_complex_low, which might lead |) 2021-05-27 rs 4 [Misc 
to memory corruption and other potential consequences. MISC 
[A heap-based Buffer Overflow vulnerability in FFmpeg 4.2 at 
fimpeg — fimpeg libavcodeciget_bits.h when writing .mov files, which might lead to |) 2021-05-27 || "ot yet | ei 
memory corruption and other potential consequences. aa 
figdev -- figdev | An Out of Bounds flaw was found in fig2dev version 3.2.8a. A flawed bounds check in read_objects() could allow an attacker to provide a crafted malicious input causing the application to either crash or in some cases cause memory corruption. The highest threat from this vulnerability is to integrity as well as system availability. | 2021-05-26 | not yet calculated | CVE-2021-3561 MISC MISC MISC
freebsd -- multiple_products | In FreeBSD 13.0-STABLE before n245764-876ffe28796c, 12.2-STABLE before r369857, 13.0-RELEASE before p1, and 12.2-RELEASE before p7, a system call triggering a fault could cause SMAP protections to be disabled for the duration of the system call. This weakness could be combined with other kernel bugs to craft an exploit. | 2021-05-28 | not yet calculated | CVE-2021-29628 MISC
freebsd -- multiple_products | In FreeBSD 13.0-STABLE before n245765-bec0d2c9c841, 12.2-STABLE before r369859, 11.4-STABLE before r369866, 13.0-RELEASE before p1, 12.2-RELEASE before p7, and 11.4-RELEASE before p10, missing message validation in libradius(3) could allow malicious clients or servers to trigger denial of service in vulnerable servers or clients respectively. | 2021-05-28 | not yet calculated | CVE-2021-29629 MISC
frontier -- ichris | Frontier ichris through 5.18 mishandles making a DNS request for the hostname in the HTTP Host header, as demonstrated by | 2021-05-29 | not yet calculated
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Client can each be affected in some configurations. 

















frontier -- ichris | Frontier ichris through 5.18 allows users to upload malicious executable files that might later be downloaded and run by any client user. | 2021-05-29 | not yet calculated | MISC
fusioncompute -- fusioncompute | There is an insufficient input validation vulnerability in FusionCompute 8.0.0. Because the input validation is insufficient, an attacker can exploit this vulnerability to upload any files to the device. Successful exploit may cause the service abnormal. | 2021-05-27 | not yet calculated | CVE-2021-22358 MISC
gama -- gama | A NULL-pointer dereference issue was discovered in GNU_gama::set() in ellipsoid.h in Gama 2.04 which can lead to a denial of service (DOS) via segment faults caused by crafted inputs. | 2021-05-28 | not yet calculated | CVE-2020-18395 MISC
gattlib -- gattlib | GattLib 0.3-rc1 has a stack-based buffer over-read in get_device_path_from_mac in dbus/gattlib.c. | 2021-05-27 | not yet calculated | CVE-2021-33590 MISC
gdk-pixbuf -- gdk-pixbuf | A flaw was found in gdk-pixbuf in versions before 2.42.0. An integer wraparound leading to an out of bounds write can occur when a crafted GIF image is loaded. An attacker may cause applications to crash or could potentially execute code on the victim system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | 2021-05-28 | not yet calculated | FEDORA FEDORA FEDORA
github -- codeql | Github's CodeQL action is provided to run CodeQL-based code scanning on non-GitHub CI/CD systems and requires a GitHub access token to connect to a GitHub repository. The runner and its documentation previously suggested passing the GitHub token as a command-line parameter to the process instead of reading it from a file, standard input, or an environment variable. This approach made the token visible to other processes on the same machine, for example in the output of the `ps` command. If the CI system publicly exposes the output of `ps`, for example by logging the output, then the GitHub access token can be exposed beyond the scope intended. Users of the CodeQL runner on 3rd-party systems, who are passing a GitHub token via the `--github-auth` flag, are affected. This applies to both GitHub.com and GitHub Enterprise users. Users of the CodeQL Action on GitHub Actions are not affected. The `--github-auth` flag is now considered insecure and deprecated. The undocumented `--external-repository-token` flag has been removed. To securely provide a GitHub access token to the CodeQL runner, users should **do one of the following instead**: Use the `--github-auth-stdin` flag and pass the token on the command line via standard input OR set the `GITHUB_TOKEN` environment variable to contain the token, then call the command without passing in the token. The old flag remains present for backwards compatibility with existing workflows. If the user tries to specify an access token using the `--github-auth` flag, there is a deprecation warning printed to the terminal that directs the user to one of the above options. All CodeQL runner releases codeql-bundle-20210304 onwards contain the patches. We recommend updating to a recent version of the CodeQL runner, storing a token in your CI system's secret storage mechanism, and passing the token to the CodeQL runner using `--github-auth-stdin` or the `GITHUB_TOKEN` environment variable. If still using the old flag, ensure that process output, such as from `ps`, is not persisted in CI logs. | 2021-05-25 | not yet calculated | MISC MISC MISC MISC
github -- dexidp_dex_library | A vulnerability exists in the SAML connector of the github.com/dexidp/dex library used to process SAML Signature Validation. This flaw allows an attacker to bypass SAML authentication. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. This flaw affects dex versions before 2.27.0. | 2021-05-28 | not yet calculated | CVE-2020-27847 MISC MISC MISC
glpi -- glpi | GLPi 9.5.4 does not sanitize the metadata. This way it's possible to insert XSS into plugins to execute JavaScript code. | 2021-05-26 | not yet calculated | CVE-2021-3486 MISC MISC MISC
gnu_c_library -- gnu_c_library | The mq_notify function in the GNU C Library (aka glibc) through 2.33 has a use-after-free. It may use the notification thread attributes object (passed through its struct sigevent parameter) after it has been freed by the caller, leading to a denial of service (application crash) or possibly unspecified other impact. | 2021-05-25 | not yet calculated
go -- go | Go through 1.15.12 and 1.16.x through 1.16.4 has a [illegible] infinite loop via crafted ParseFragment | 2021-05-26 | not yet calculated | CVE-2021-33194 CONFIRM
go -- go | net/http in Go before 1.15.12 and 1.16.x before 1.16.4 allows remote attackers to cause a denial of service (panic) via a large header to ReadRequest or ReadResponse. Server, Transport, and | 2021-05-27 | not yet calculated | CVE-2021-31525 MISC MISC
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hewlett_packard_enterprises -- 
multiple_products 


A remote xss vulnerability was discovered in HPE Integrated 
Lights-Out 4 (iLO 4); HPE SimpliVity 380 Gen9; HPE Integrated 
Lights-Out 5 (iLO 5) for HPE Gen10 Servers; HPE SimpliVity 380 
Gen10; HPE SimpliVity 2600; HPE SimpliVity 380 Gen10 G; HPE 
SimpliVity 325; HPE SimpliVity 380 Gen10 H version(s): Prior to 
version 2.78. 


2021-05-25 


not yet 
calculated 


CVE-2021-29211 
MISC 








hewlett_packard_enterprises -- 
multiple_products 


A remote dom xss, crlf injection vulnerability was discovered in 
HPE Integrated Lights-Out 4 (iLO 4); HPE SimpliVity 380 Gen9; 
HPE Integrated Lights-Out 5 (iLO 5) for HPE Gen10 Servers; HPE 
SimpliVity 380 Gen10; HPE SimpliVity 2600; HPE SimpliVity 380 
Gen10 G; HPE SimpliVity 325; HPE SimpliVity 380 Gen10 H 
version(s): Prior to version 2.78. 


2021-05-25 


not yet 
calculated 


CVE-2021-29208 
MISC 








hewlett_packard_enterprises -- 
multiple_products 


A remote xss vulnerability was discovered in HPE Integrated 
Lights-Out 4 (iLO 4); HPE SimpliVity 380 Gen9; HPE Integrated 
Lights-Out 5 (iLO 5) for HPE Gen10 Servers; HPE SimpliVity 380 
Gen10; HPE SimpliVity 2600; HPE SimpliVity 380 Gen10 G; HPE 
SimpliVity 325; HPE SimpliVity 380 Gen10 H version(s): Prior to 
version 2.78. 


2021-05-25 


not yet 
calculated 


CVE-2021-29205 
MISC 








hewlett_packard_enterprises -- 
multiple_products 


A remote dom xss, crlf injection vulnerability was discovered in 
HPE Integrated Lights-Out 4 (iLO 4); HPE SimpliVity 380 Gen9; 
HPE Integrated Lights-Out 5 (iLO 5) for HPE Gen10 Servers; HPE 
SimpliVity 380 Gen10; HPE SimpliVity 2600; HPE SimpliVity 380 
Gen10 G; HPE SimpliVity 325; HPE SimpliVity 380 Gen10 H 
version(s): Prior to version 2.78. 


2021-05-25 


not yet 
calculated 


CVE-2021-29210 
MISC 








hewlett_packard_enterprises -- 
multiple_products 


A remote dom xss, crlf injection vulnerability was discovered in 
HPE Integrated Lights-Out 4 (iLO 4); HPE SimpliVity 380 Gen9; 
HPE Integrated Lights-Out 5 (iLO 5) for HPE Gen10 Servers; HPE 
SimpliVity 380 Gen10; HPE SimpliVity 2600; HPE SimpliVity 380 
Gen10 G; HPE SimpliVity 325; HPE SimpliVity 380 Gen10 H 
version(s): Prior to version 2.78. 


2021-05-25 


not yet 
calculated 


CVE-2021-29209 
MISC 








hewlett_packard_enterprises -- 
multiple_products 


A remote xss vulnerability was discovered in HPE Integrated 
Lights-Out 4 (iLO 4); HPE SimpliVity 380 Gen9; HPE Integrated 
Lights-Out 5 (iLO 5) for HPE Gen10 Servers; HPE SimpliVity 380 
Gen10; HPE SimpliVity 2600; HPE SimpliVity 380 Gen10 G; HPE 
SimpliVity 325; HPE SimpliVity 380 Gen10 H version(s): Prior to 
version 2.78. 


2021-05-25 


not yet 
calculated 


CVE-2021-29206 
MISC 








hewlett_packard_enterprises -- 
multiple_products 


A remote xss vulnerability was discovered in HPE Integrated 
Lights-Out 4 (iLO 4); HPE SimpliVity 380 Gen9; HPE Integrated 
Lights-Out 5 (iLO 5) for HPE Gen10 Servers; HPE SimpliVity 380 
Gen10; HPE SimpliVity 2600; HPE SimpliVity 380 Gen10 G; HPE 
SimpliVity 325; HPE SimpliVity 380 Gen10 H version(s): Prior to 
version 2.78. 


2021-05-25 


not yet 
calculated 


CVE-2021-29207 
MISC 








hewlett_packard_enterprises -- 
multiple_products 


A local buffer overflow vulnerability was discovered in HPE 
Integrated Lights-Out 4 (iLO 4); HPE SimpliVity 380 Gen9; HPE 
Integrated Lights-Out 5 (iLO 5) for HPE Gen10 Servers; HPE 
SimpliVity 380 Gen10; HPE SimpliVity 2600; HPE SimpliVity 380 
Gen10 G; HPE SimpliVity 325; HPE SimpliVity 380 Gen10 H 
version(s): Prior to version 2.78. 


2021-05-25 


not yet 
calculated 


CVE-2021-29202 
MISC 








hewlett_packard_enterprises -- 
multiple_products 


A remote xss vulnerability was discovered in HPE Integrated 
Lights-Out 4 (iLO 4); HPE SimpliVity 380 Gen9; HPE Integrated 
Lights-Out 5 (iLO 5) for HPE Gen10 Servers; HPE SimpliVity 380 
Gen10; HPE SimpliVity 2600; HPE SimpliVity 380 Gen10 G; HPE 
SimpliVity 325; HPE SimpliVity 380 Gen10 H version(s): Prior to 
version 2.78. 


2021-05-25 


not yet 
calculated 


CVE-2021-29201 
MISC 








hewlett_packard_enterprises -- 
multiple_products 








A remote xss vulnerability was discovered in HPE Integrated 
Lights-Out 4 (iLO 4); HPE SimpliVity 380 Gen9; HPE Integrated 
Lights-Out 5 (iLO 5) for HPE Gen10 Servers; HPE SimpliVity 380 
Gen10; HPE SimpliVity 2600; HPE SimpliVity 380 Gen10 G; HPE 
SimpliVity 325; HPE SimpliVity 380 Gen10 H version(s): Prior to 
version 2.78. 











2021-05-25 





not yet 
calculated 





CVE-2021-29204 
MISC 
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http4s -- http4s 


Http4s is a Scala interface for HTTP services. `StaticFile.fromUrl` 
can leak the presence of a directory on a server when the `URL` 
scheme is not `file://`, and the URL points to a fetchable resource 
under its scheme and authority. The function returns `F[None]`, 
indicating no resource, if `url.getFile` is a directory, without first 
checking the scheme or authority of the URL. If a URL connection 
to the scheme and URL would return a stream, and the path in the 
URL exists as a directory on the server, the presence of the 
directory on the server could be inferred from the 404 response. 
The contents and other metadata about the directory are not 
exposed. This affects http4s versions: 0.21.7 through 0.21.23, 
0.22.0-M1 through 0.22.0-M8, 0.23.0-M1, and 1.0.0-M1 through 
1.0.0-M22. The [patch] 
(https://github.com/http4s/http4s/commit/52e18906654 10b4385e3 7, 
is available in the following versions: v0.21.24, v0.22.0-M9, 
v0.23.0-M2, v1.0.0-M23. As a workaround users can avoid calling 
`StaticFile.fromUrl` with non-file URLs. 


2021-05-27 


b96bc49c5e3c 


not yet 
calculated 


08e4e9) 


CVE-2021-32643 
CONFIRM 

MISC 

MISC 








huawei -- mate_30 


There is a denial of service vulnerability in the versions 
10.1.0.126(C00E125R5P3) of HUAWEI Mate 30 and 
10.1.0.152(C00E136R7P2) of HUAWEI Mate 30 (5G). A module 
does not verify certain parameters sufficiently and it leads to some 
exceptions. Successful exploit could cause a denial of service 
condition. 


2021-05-27 


not yet 
calculated 


CVE-2021-22364 
MISC 








huawei -- multiple_products 


There is an out-of-bounds write vulnerability in some Huawei 
products. The code of a module has a bad judgment logic. 
Attackers can exploit this vulnerability by performing multiple 
abnormal activities to trigger the bad logic and cause out-of-bounds 
write. This may compromise the normal service of the 
module. Affected product versions include: NGFW Module 
versions 
V500R005C00SPC100,V500R005C00SPC200;Secospace 
USG6300 versions 


V500R001C30SPC200,V500R001C30SPC600,V500R001C60SPC500,V500R005C00SPC100 


USG6500 versions 


V500R001C30SPC200,V500R001C30SPC600,V500R001C60SPC500,V500R005C00SPC100 


USG6600 versions 


V500R001C30SPC200,V500R001C30SPC600,V500R001C60SPC500,V500R005C00SPC100 


versions 


2021-05-27 


V500R001C60SPC500,V500R005C00SPC100,V500R005C00SPC200. 


not yet 
calculated 


CVE-2021-22411 
MISC 

VS500RO05COOSPC2 
VS500ROO05COOSPC2( 


VS500RO05COOSPC2 








huawei -- multiple_products 


There is a resource management error vulnerability in the 
versions V500R001C60SPC500, V500R005C00SPC100, 
V500R005C00SPC200 of USG9500. An authenticated attacker 
needs to perform specific operations to exploit the vulnerability on 
the affected device. Due to improper resource management of the 
function, the vulnerability can be exploited to cause service 
abnormal on affected devices. 


2021-05-27 


not yet 
calculated 


CVE-2021-22360 
MISC 








huawei -- multiple_products 


There is an out of bounds write vulnerability in some Huawei 
products. An attacker can exploit this vulnerability by sending 
crafted data in the packet to the target device. Due to insufficient 
validation of message, successful exploit can cause certain 
service abnormal. Affected product versions include: CloudEngine 
12800 versions 


V200R002C50SPC800,V200RO03CO0SPC810,V200RO05CO0SPCG8@02/20GRD05| 188800 
calculate 


5800 versions 


V200R002C50SPC800,V200R003C00SPC810,V200R005C00SPC800,V200R005C10SPC800 


6800 versions 


V200R002C50SPC800,V200R003C00SPC810,V200R005C00SPC800,V200R005C10SPC800 


7800 versions 


V200R002C50SPC800,V200R003C00SPC810,V200R005C00SPC800,V200R005C10SPC800 


peeaRrbebdSPcan 


V200R019CO00SPC80' 


V200RO05C20SPC80' 


V200R019CO0SPC8I( 








huawei -- s5700_and_s6700_devices | There is a denial of service vulnerability in the versions V200R005C00SPC500 of S5700 and V200R005C00SPC500 of S6700. An attacker could exploit this vulnerability by sending specific message to a targeted device. Due to insufficient input validation, successful exploit can cause the service abnormal. | 2021-05-27 | not yet calculated | CVE-2021-22359 MISC
hyperkitty -- hyperkitty | An issue was discovered in management/commands/hyperkitty_import.py in HyperKitty through 1.3.4. When importing a private mailing list's archives, these archives are publicly visible for the duration of the import. For example, sensitive information might be available on the web for an hour during a large migration from Mailman 2 to Mailman 3. | 2021-05-26 | not yet calculated | CVE-2021-33038 CONFIRM CONFIRM DEBIAN
ibm -- cloud_pak | IBM Cloud Pak for Data 3.0 could allow an authenticated user to obtain sensitive information when installed with additional plugins. IBM X-Force ID: 197668. | 2021-05-26 | not yet calculated | CVE-2021-20486 CONFIRM XF
ibm -- db2 | IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local user to execute arbitrary code and conduct DLL hijacking attacks. | 2021-05-26 | not yet calculated | CVE-2019-4588 XF CONFIRM
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ibm -- host_firmware | IBM Host firmware for LC-class Systems could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request that would allow them to delete arbitrary files on the system. IBM X-Force ID: 200558. | 2021-05-25 | not yet calculated | CVE-2021-29695 CONFIRM XF
ibm -- power9_self_boot_engine | IBM Power9 Self Boot Engine(SBE) could allow a privileged user to inject malicious code and compromise the integrity of the host firmware bypassing the host firmware signature verification process. | 2021-05-26 | not yet calculated | CVE-2021-20487 CONFIRM XF
ibm -- spectrum_scale | IBM Spectrum Scale 5.1.0.1 could allow a local with access to the GUI pod container to obtain sensitive cryptographic keys that could allow them to elevate their privileges. IBM X-Force ID: 200883. | 2021-05-25 | not yet calculated | CVE-2021-29708 XF CONFIRM
ibm -- websphere_application_server | IBM WebSphere Application Server 8.0, 8.5, 9.0, and Liberty Java Batch is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 197793. | 2021-05-26 | not yet calculated | CVE-2021-20492 XF CONFIRM
’ P A Cross Site Request Forgery (CSRF) vulnerability was 
hems <= 0ms Biecoucted NICHE 70.16 which Con claw cnet ker anneal) BODkARSE Cale 
arbitrary web scripts. calcurated jis 
inspircd -- inspircd | InspIRCd 3.8.0 through 3.9.x before 3.10.0 allows any user (able to connect to the server) to access recently deallocated memory, aka the "malformed PONG" issue. | 2021-05-27 | not yet calculated | CVE-2021-33586 MISC MISC
isc -- dhcp | In ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16, ISC DHCP 4.4.0 -> 4.4.2 (Other branches of ISC DHCP (i.e., releases in the 4.0.x series or lower and releases in the 4.3.x series) are beyond their End-of-Life (EOL) and no longer supported by ISC. From inspection it is clear that the defect is also present in releases from those series, but they have not been officially tested for the vulnerability), the outcome of encountering the defect while reading a lease that will trigger it varies, according to: the component being affected (i.e., dhclient or dhcpd); whether the package was built as a 32-bit or 64-bit binary; whether the compiler flag -fstack-protection-strong was used when compiling. In dhclient, ISC has not successfully reproduced the error on a 64-bit system. However, on a 32-bit system it is possible to cause dhclient to crash when reading an improper lease, which could cause network connectivity problems for an affected system due to the absence of a running DHCP client process. In dhcpd, when run in DHCPv4 or DHCPv6 mode: if the dhcpd server binary was built for a 32-bit architecture AND the -fstack-protection-strong flag was specified to the compiler, dhcpd may exit while parsing a lease file containing an objectionable lease, resulting in lack of service to clients. Additionally, the offending lease and the lease immediately following it in the lease database may be improperly deleted. If the dhcpd server binary was built for a 64-bit architecture OR if the -fstack-protection-strong compiler flag was NOT specified, the crash will not occur, but it is possible for the offending lease and the lease which immediately followed it to be improperly deleted. | 2021-05-26 | not yet calculated
istio -- istio | Istio before 1.8.6 and 1.9.x before 1.9.5 has a remotely exploitable vulnerability where an HTTP request path with multiple slashes or escaped slash characters (%2F or %5C) could potentially bypass an Istio authorization policy when path based authorization rules are used. | 2021-05-27 | not yet calculated
jakarta -- expression_language | In the Jakarta Expression Language implementation 3.0.3 and earlier, a bug in the ELParserTokenManager enables invalid EL expressions to be evaluated as if they were valid. | 2021-05-26 | not yet calculated | CVE-2021-28170 CONFIRM CONFIRM
jenkins -- filesystem_trigger_plugin | Jenkins Filesystem Trigger Plugin 0.40 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 2021-05-25 | not yet calculated | CVE-2021-21657 CONFIRM MLIST
jenkins -- markdown_formatter_plugin | Jenkins Markdown Formatter Plugin 0.1.0 and earlier does not sanitize crafted link target URLs, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with the ability to edit any description rendered using the configured markup formatter. | 2021-05-25 | not yet calculated | MISC MLIST
jenkins -- nuget_plugin | Jenkins Nuget Plugin 1.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 2021-05-25 | not yet calculated | MLIST
jitsi -- meet | jitsi-meet-prosody in Jitsi Meet before 5026 does not ensure that restrict_room_creation is set by default. | 2021-05-26 | not yet calculated | MISC
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js-extend -- js-extend | Prototype pollution vulnerability in 'js-extend' versions 0.0.1 through 1.0.1 allows an attacker to cause a denial of service and may lead to remote code execution. | 2021-05-26 | not yet calculated
json -- web_token | A flaw was found in ceph-dashboard. The JSON Web Token (JWT) used for user authentication is stored by the frontend application in the browser's localStorage which is potentially vulnerable to attackers via XSS attacks. The highest threat from this vulnerability is to data confidentiality and integrity. | 2021-05-26 | not yet calculated
keycloak -- keycloak | A flaw was found in keycloak in versions before 13.0.0. A Self Stored XSS attack vector escalating to a complete account takeover is possible due to user-supplied data fields not being properly encoded and Javascript code being used to process the data. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | 2021-05-28 | not yet calculated | CVE-2021-20195 MISC
keycloak -- keycloak | A flaw was found in Keycloak before version 12.0.0 where it is possible to update the user's metadata attributes using Account REST API. This flaw allows an attacker to change its own NameID attribute to impersonate the admin user for any particular application. | 2021-05-28 | not yet calculated
kiali -- kiali | An authentication bypass vulnerability was found in Kiali in versions before 1.31.0 when the authentication strategy `OpenID` is used. When RBAC is enabled, Kiali assumes that some of the token validation is handled by the underlying cluster. When OpenID `implicit flow` is used with RBAC turned off, this token validation doesn't occur, and this allows a malicious user to bypass the authentication. | 2021-05-28 | not yet calculated | CVE-2021-20278 MISC MISC
koel -- koel | Koel before 5.1.4 lacks login throttling, lacks a password strength policy, and shows whether a failed login attempt had a valid username. This might make brute-force attacks easier. | 2021-05-24 | not yet calculated | CVE-2021-33563 MISC MISC
kubevirt -- kubevirt | A flaw was found in the KubeVirt main virt-handler versions before 0.26.0 regarding the access permissions of virt-handler. An attacker with access to create VMs could attach any secret within their namespace, allowing them to read the contents of that secret. | 2021-05-27 | not yet calculated
libcaca -- libcaca | A flaw was found in libcaca. A buffer overflow of export.c in function export_troff might lead to memory corruption and other potential consequences. | 2021-05-27 | not yet calculated | CVE-2021-30499 MISC MISC
libcaca -- libcaca | A flaw was found in libcaca. A heap buffer overflow in export.c in function export_tga might lead to memory corruption and other potential consequences. | 2021-05-26 | not yet calculated | CVE-2021-30498 MISC MISC
libgrss -- libgrss | libgrss through 0.7.0 fails to perform TLS certificate verification when downloading feeds, allowing remote attackers to manipulate the contents of feeds without detection. This occurs because of the default behavior of SoupSessionSync. | 2021-05-25 | not yet calculated | CVE-2016-20011 MISC MISC
libvirt -- libvirt | An information disclosure vulnerability was found in libvirt in versions before 6.3.0. HTTP cookies used to access network-based disks were saved in the XML dump of the guest domain. This flaw allows an attacker to access potentially sensitive information in the domain configuration via the `dumpxml` command. | 2021-05-27 | not yet calculated | CVE-2020-14301 MISC
libvirt -- virconnectlistallnodedevices | A flaw was found in libvirt in the virConnectListAllNodeDevices API in versions before 7.0.0. It only affects hosts with a PCI device and driver that supports mediated devices (e.g., GRID driver). This flaw could be used by an unprivileged client with a read-only connection to crash the libvirt daemon by executing the 'nodedev-list' virsh command. The highest threat from this vulnerability is to system availability. | 2021-05-24 | not yet calculated
linux -- linux_kernel | A vulnerability was found in Linux kernel where non-blocking socket in llcp_sock_connect() leads to leak and eventually hanging-up the system. | 2021-05-26 | not yet calculated | CVE-2020-25673 FEDORA MISC FEDORA
linux -- linux_kernel | A vulnerability was found in Linux Kernel where refcount leak in llcp_sock_bind() causing use-after-free which might lead to privilege escalations. | 2021-05-26 | not yet calculated | CVE-2020-25670 FEDORA MLIST FEDORA MLIST MISC FEDORA
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linux -- linux_kernel | A memory disclosure flaw was found in the Linux kernel's versions before 4.18.0-193.el8 in the sysctl subsystem when reading the /proc/sys/kernel/rh_features file. This flaw allows a local user to read uninitialized values from the kernel memory. The highest threat from this vulnerability is to confidentiality. | 2021-05-27 | not yet calculated
linux -- linux_kernel | A vulnerability was found in the Linux Kernel where the function sunkbd_reinit having been scheduled by sunkbd_interrupt before sunkbd being freed. Though the dangling pointer is set to NULL in sunkbd_disconnect, there is still an alias in sunkbd_reinit causing Use After Free. | 2021-05-26 | not yet calculated | CVE-2020-25669 MLIST MLIST MLIST MISC MISC
linux -- linux_kernel | kernel/bpf/verifier.c in the Linux kernel through 5.12.7 enforces incorrect limits for pointer arithmetic operations, aka CID-bb01a1bba579. This can be abused to perform out-of-bounds reads and writes in kernel memory, leading to local privilege escalation to root. In particular, there is a corner case where the off reg causes a masking direction change, which then results in an incorrect final aux->alu_limit. | 2021-05-27 | not yet calculated
linux -- linux_kernel | A flaw was found in Linux Kernel because access to the global variable fg_console is not properly synchronized leading to a use after free in con_font_op. | 2021-05-26 | not yet calculated | CVE-2020-25668 MLIST MLIST MISC MISC MLIST MISC MLIST MISC
linux -- linux_kernel | A flaw was found in the JFS filesystem code in the Linux Kernel which allows a local attacker with the ability to set extended attributes to panic the system, causing memory corruption or escalating privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. | 2021-05-26 | not yet calculated | CVE-2020-27815 MISC MISC DEBIAN MISC MLIST MLIST MLIST
A flaw was found in the Linux kernel's implementation of string 
; : matching within a packet. A privileged user (with root or 
lino Naas heme CAP_NET_ADMIN) when inserting iptables rules could insert a | 2021-05-26 || "ot yet | a 
rule which can panic the system. Kernel before kernel 5.5-rc11 is leewecmees 
affected. 
An issue was discovered in the Linux: KVM through Improper 
handling of VM_IO|VM_PFNMAP vmas in KVM can bypass RO nd 
linux -- linux_kernel checks and can lead to pages being freed while still accessible by 2021-05-26 not yet IMLIST 
the VMM and guest. This allows users with the ability to start and calculated MLIST 
control a VM to read/write random pages of memory and can MLIST 
result in local privilege escalation. —— 
linux -- linux_kernel
There is a flaw reported in the Linux kernel in versions before 5.9
in drivers/gpu/drm/nouveau/nouveau_sgdma.c in
nouveau_sgdma_create_ttm in Nouveau DRM subsystem. The
issue results from the lack of validating the existence of an object
prior to performing operations on the object. An attacker with a
local account with a root privilege, can leverage this vulnerability
to escalate privileges and execute code in the context of the
kernel.
2021-05-28
not yet calculated
CVE-2021-20292
MISC

linux -- linux_kernel
A flaw was found in the Linux kernel in versions before 5.4.92 in
the BPF protocol. This flaw allows an attacker with a local account
to leak information about kernel internal addresses. The highest
threat from this vulnerability is to confidentiality.
2021-05-28
not yet calculated
CVE-2021-20239
MISC

linux -- linux_kernel
A vulnerability was found in Linux Kernel, where a refcount leak in
llcp_sock_connect() causing use-after-free which might lead to
privilege escalations.
2021-05-26
not yet calculated
CVE-2020-25671
FEDORA
MLIST
FEDORA
MISC
FEDORA

mariadb -- mariadb
A flaw was found in the mysql-wsrep component of mariadb. Lack
of input sanitization in ‘wsrep_sst_method’ allows for command
injection that can be exploited by a remote attacker to execute
arbitrary commands on galera cluster nodes. This threatens the
system's confidentiality, integrity, and availability. This flaw affects
mariadb versions before 10.1.47, before 10.2.34, before 10.3.25,
before 10.4.15 and before 10.5.6.
2021-05-27
not yet calculated
MLIST
GENTOO
CONFIRM
DEBIAN

https://content.govdelivery.com/accounts/USDHSCISA/bulletins/2e20e17 


6/1/2021 Vulnerability Summary for the Week of May 24, 2021 
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info

micro_focus -- sitescope
Execute arbitrary code vulnerability in Micro Focus SiteScope
product, affecting versions 11.40, 11.41, 2018.05(11.50),
2018.08(11.51), 2018.11(11.60), 2019.02(11.70), 2019.05(11.80),
2019.08(11.90), 2019.11(11.91), 2020.05(11.92), 2020.10(11.93).
The vulnerability could allow remote attackers to execute arbitrary
code on affected installations of SiteScope.
2021-05-28
not yet calculated
CVE-2021-22519
MISC

microsoft -- windows
A buffer overflow vulnerability exists in Windows File Resource
Profiles in 9.X allows a remote authenticated user with privileges
to browse SMB shares to execute arbitrary code as the root user.
As of version 9.1R3, this permission is not enabled by default.
2021-05-27
not yet calculated
CVE-2021-22908
MISC

modicon -- m241/m251_controllers
Improper Input Validation vulnerability exists in Modicon
M241/M251 logic controllers firmware prior to V5.1.9.1 that could
cause denial of service when specific crafted requests are sent to
the controller over HTTP.
2021-05-26
not yet calculated
CVE-2021-22699
MISC

Weak Password Recovery Mechanism for Forgotten Password
vulnerability exists on Modicon Managed Switch MCSESM* and
MCSESP* V8.21 and prior which could cause an unauthorized
password change through HTTP / HTTPS when basic user
information is known by a remote attacker.
2021-05-26
not yet calculated

Improper Restriction of Operations within the Bounds of a Memory
Buffer vulnerability exists that could cause denial of service or
unauthorized access to system information when interacting
directly with a driver installed by Vijeo Designer or EcoStruxure
Machine Expert
2021-05-26

An information disclosure vulnerability exists in the Rocket.Chat
server fixed v3.13, v3.12.2 & v3.1.3 that allowed email addresses
to be disclosed by enumeration and validation checks.
2021-05-27
not yet calculated
CVE-2021-22692
MISC

A improper input sanitization vulnerability exists in Rocket.Chat
server 3.11, 3.12 & 3.13 that could lead to unauthenticated
NoSQL injection, resulting potentially in RCE.
2021-05-07

naver -- comic_viewer
An exposed remote debugging port in Naver Comic Viewer prior
to 1.0.15.0 allowed a remote attacker to execute arbitrary code via
a crafted HTML page.
2021-05-28
not yet calculated
CONFIRM

networkmanager -- networkmanager
A flaw was found in NetworkManager in versions before 1.30.0.
Setting match.path and activating a profile crashes
NetworkManager. The highest threat from this vulnerability is to
system availability.
2021-05-26
not yet calculated
CVE-2021-20297
MISC

Nordic Semiconductor nRF52840 devices through 2020-10-19
have improper protection against physical side channels. The
flash read-out protection (APPROTECT) can be bypassed by
injecting a fault during the boot phase.
not yet calculated
CVE-2020-27211
MISC
MISC
MISC
MISC
MISC

open -- vswitch
A flaw was found in openstack-neutron's default Open vSwitch
firewall rules. By sending carefully crafted packets, anyone in
control of a server instance connected to the virtual switch can
impersonate the IPv6 addresses of other systems on the network,
resulting in denial of service or in some cases possibly
interception of traffic intended for other destinations. Only
deployments using the Open vSwitch driver are affected. Source:
OpenStack project. Versions before openstack-neutron 15.3.3,
openstack-neutron 16.3.1 and openstack-neutron 17.1.1 are
affected.
2021-05-28
not yet calculated
CVE-2021-20267
MISC

openldap -- openldap
A flaw was found in OpenLDAP in versions before 2.4.56. This
flaw allows an attacker who sends a malicious packet processed
by OpenLDAP to force a failed assertion in csnNormalize23(). The
highest threat from this vulnerability is to system availability.
2021-05-28
not yet calculated
MISC
DEBIAN
MISC

opennms -- horizon
In OpenNMS Horizon, versions opennms-17.0.0-1 through
opennms-27.1.0-1; OpenNMS Meridian, versions
meridian-foundation-2015.1.0-1 through meridian-foundation-2019.1.18-1;
meridian-foundation-2020.1.0-1 through
meridian-foundation-2020.1.7-1 are vulnerable to Stored Cross-Site
Scripting, since the function ‘add()’ performs improper validation
checks on the input sent to the ‘foreign-source’ parameter. Due to
this flaw an attacker could bypass the existing regex validation and
inject an arbitrary script which will be stored in the database.
2021-05-25
not yet calculated
MISC
MISC

vulnerability is to system availability.

opennms -- horizon
In OpenNMS Horizon, versions opennms-18.0.0-1 through
opennms-27.1.0-1; OpenNMS Meridian, versions
meridian-foundation-2015.1.0-1 through meridian-foundation-2019.1.18-1;
meridian-foundation-2020.1.0-1 through
meridian-foundation-2020.1.7-1 are vulnerable to Stored Cross-Site
Scripting, since the function ‘createRequisitionedNode()’ does not
perform any validation checks on the input sent to the ‘node-label’
parameter. Due to this flaw an attacker could inject an arbitrary
script which will be stored in the database.
2021-05-25
not yet calculated
MISC
MISC

openshift -- openshift
A flaw was found in the OpenShift web console, where the access
token is stored in the browser's local storage. An attacker can use
this flaw to get the access token via physical access, or an XSS
attack on the victim's browser. This flaw affects openshift/console
versions before openshift/console-4.
2021-05-27

openwrt -- luci
A stored cross-site scripting (XSS) vulnerability was discovered in
the Web Interface for OpenWRT LuCI version 19.07 which allows
attackers to inject arbitrary Javascript in the OpenWRT Hostname
via the Hostname Change operation.
2021-05-25
not yet calculated
CVE-2021-33425
MISC

openwrt -- luci
The Web Interface for OpenWRT LuCI version 19.07 and lower
has been discovered to have a cross-site scripting vulnerability
which can lead to attackers carrying out arbitrary code execution.
2021-05-25
not yet calculated
CVE-2021-27821
MISC
MISC

pixar -- ruby_jss_gem
The Pixar ruby-jss gem before 1.6.0 allows remote attackers to
execute arbitrary code because of the Plist gem's documented
behavior of using Marshal.load during XML document processing.
2021-05-25
not yet calculated
CVE-2021-33575
MISC
MISC

A flaw was found in pki-core 10.9.0. A specially crafted POST
request can be used to reflect a DOM-based cross-site scripting
(XSS) attack to inject code into the search query form which can
get automatically executed. The highest threat from this
vulnerability is to data integrity.
2021-05-28

podofo -- podofo
A flaw was found in PoDoFo 0.9.7. A stack-based buffer overflow
in PdfEncryptMD5Base::ComputeOwnerKey function in
PdfEncrypt.cpp is possible because of a improper check of the
keyLength value.
not yet calculated
CVE-2021-30472
MISC

podofo -- podofo
A flaw was found in PoDoFo 0.9.7. An uncontrolled recursive call
among PdfTokenizer::ReadArray(), PdfTokenizer::GetNextVariant()
and PdfTokenizer::ReadDataType() functions can lead to a stack
overflow.
2021-05-26
not yet calculated
CVE-2021-30470
MISC

podofo -- podofo
A flaw was found in PoDoFo 0.9.7. An uncontrolled recursive call
in PdfNamesTree::AddToDictionary function in
src/podofo/doc/PdfNamesTree.cpp can lead to a stack overflow.
2021-05-26
not yet calculated

podofo -- podofo
A flaw was found in PoDoFo 0.9.7. An use-after-free in
PoDoFo::PdfVecObjects::Clear() function can cause a denial of
service via a crafted PDF file.
2021-05-26
not yet calculated
MISC

pon -- mdu_devices
Some PON MDU devices of ZTE stored sensitive information in
plaintext, and users with login authority can obtain it by inputting
command. This affects: ZTE PON MDU device ZXA10 F821
V1.7.0P3T22, ZXA10 F822 V1.4.3T6, ZXA10 F819 V1.2.1T5,
ZXA10 F832 V1.1.1T7, ZXA10 F839 V1.1.0T8, ZXA10 F809
V3.2.1T1, ZXA10 F822P V1.1.1T7, ZXA10 F832 V2.00.00.01
2021-05-28
not yet calculated
CVE-2021-21734
MISC

pulse_connect_secure -- pulse_connect_secure
A vulnerability allowed multiple unrestricted uploads in Pulse
Connect Secure before 9.1R11.4 that could lead to an
authenticated administrator to perform a file write via a maliciously
crafted archive upload in the administrator web interface.
2021-05-27
not yet calculated
CVE-2021-22900
MISC

pulse_connect_secure -- pulse_connect_secure
A command injection vulnerability exists in Pulse Connect Secure
before 9.1R11.4 allows a remote authenticated attacker to perform
remote code execution via Windows Resource Profiles Feature
2021-05-27
not yet calculated
MISC

pulse_connect_secure -- pulse_connect_secure
A buffer overflow vulnerability exists in Pulse Connect Secure
before 9.1R11.4 allows a remote authenticated attacker to execute
arbitrary code as the root user via maliciously crafted meeting
room.
2021-05-27
not yet calculated
CVE-2021-22894
MISC

qemu -- qemu
A use-after-free vulnerability was found in the am53c974 SCSI
host bus adapter emulation of QEMU in versions before 6.0.0
during the handling of the 'Information Transfer' command
(CMD_TI). This flaw allows a privileged guest user to crash the
QEMU process on the host, resulting in a denial of service or
potential code execution with the privileges of the QEMU process.
2021-05-28
not yet calculated
CVE-2020-35506
MLIST
MISC
MISC

qemu -- qemu
A NULL pointer dereference flaw was found in the SCSI emulation
support of QEMU in versions before 6.0.0. This flaw allows a
privileged guest user to crash the QEMU process on the host,
resulting in a denial of service. The highest threat from this
2021-05-28
not yet calculated
MISC
MISC

qemu -- qemu


A missing authorization flaw was found in the libvirt API 
responsible for changing the QEMU agent response timeout. This 
flaw allows read-only connections to adjust the time that libvirt 
waits for the QEMU guest agent to respond to agent commands. 
Depending on the timeout value that is set, this flaw can make 
guest agent commands fail because the agent cannot respond in 
time. Unprivileged users with a read-only connection could abuse 
this flaw to set the response timeout for all guest agent messages 
to zero, potentially leading to a denial of service. This flaw affects 
libvirt versions before 6.2.0. 


2021-05-27 


not yet 
calculated 


CVE-2020-10701 
MISC 








qemu -- qemu 


A flaw was found in the USB redirector device (usb-redir) of 
QEMU. Small USB packets are combined into a single, large 
transfer request, to reduce the overhead and improve 
performance. The combined size of the bulk transfer is used to 
dynamically allocate a variable length array (VLA) on the stack 
without proper validation. Since the total size is not bounded, a 
malicious guest could use this flaw to influence the array length 
and cause the QEMU process to perform an excessive allocation 
on the stack, resulting in a denial of service. 


2021-05-26 


not yet 
calculated 


CVE-2021-3527 
MISC 
MISC 
MISC 
MISC 








qemu -- qemu 


A NULL pointer dereference flaw was found in the floppy disk 
emulator of QEMU. This issue occurs while processing read/write 
ioport commands if the selected floppy drive is not initialized with 
a block device. This flaw allows a privileged guest user to crash 
the QEMU process on the host, resulting in a denial of service. 
The highest threat from this vulnerability is to system availability. 


2021-05-26 


not yet 
calculated 


CVE-2021-20196 
MISC 
MISC 








qemu -- qemu 


A user able to alter the savevm data (either on the disk or over
the wire during migration) could use this flaw to corrupt QEMU
process memory on the (destination) host, which could potentially 
result in arbitrary code execution on the host with the privileges of 
the QEMU process. 


2021-05-28 


not yet 
calculated 


CVE-2013-4536 
MISC 








qemu -- qemu 


A NULL pointer dereference flaw was found in the am53c974 
SCSI host bus adapter emulation of QEMU in versions before 
6.0.0. This issue occurs while handling the 'Information Transfer'
command. This flaw allows a privileged guest user to crash the 
QEMU process on the host, resulting in a denial of service. The 
highest threat from this vulnerability is to system availability. 


2021-05-28 


not yet 
calculated 


CVE-2020-35505 
MLIST 

MISC 

MISC 








qnd -- advance/premium/standard 


Privilege escalation vulnerability in QND 
Advance/Premium/Standard Ver.11.0.4i and earlier allows an 
attacker who can log in to the PC where the product's Windows 
client is installed to gain administrative privileges via unspecified 
vectors. As a result, sensitive information may be altered/obtained 
or unintended operations may be performed. 


2021-05-24 


not yet 
calculated 


CVE-2021-20713 
MISC 
MISC 








radsecproxy -- radsecproxy 


radsecproxy is a generic RADIUS proxy that supports both UDP 
and TLS (RadSec) RADIUS transports. Missing input validation in 
radsecproxy's ‘naptr-eduroam.sh’ and ‘radsec-dynsrv.sh’ scripts
can lead to configuration injection via crafted radsec peer 
discovery DNS records. Users are subject to Information 
disclosure, Denial of Service, Redirection of Radius connection to 
a non-authenticated server leading to non-authenticated network 
access. Updated example scripts are available in the master 
branch and 1.9 release. Note that the scripts are not part of the 
installation package and are not updated automatically. If you are 
using the examples, you have to update them manually. The 
dyndisc scripts work independently of the radsecproxy code. The 
updated scripts can be used with any version of radsecproxy. 


2021-05-28 


not yet 
calculated 


CVE-2021-32642 
MISC 
CONFIRM 








red_hat -- red_hat 


It has been discovered that redhat-certification does not properly 
limit the number of recursive definitions of entities in XML 
documents while parsing the status of a host. A remote attacker 
could use this vulnerability to consume all the memory of the 
server and cause a Denial of Service. This flaw affects redhat- 
certification version 7. 


2021-05-26 


not yet 
calculated 


CVE-2018-10868 
MISC 








red_hat -- red_hat 


A flaw was found in Red Hat Quay, where it has a persistent 
Cross-site Scripting (XSS) vulnerability when displaying a 
repository's notification. This flaw allows an attacker to trick a user 
into performing a malicious action to impersonate the target user. 
The highest threat from this vulnerability is to confidentiality,
integrity, as well as system availability. 


2021-05-27 


not yet 
calculated 


CVE-2020-27832 
MISC 








red_hat -- red_hat 











It has been discovered that redhat-certification does not perform 
an authorization check and it allows an unauthenticated user to 
remove a "system" file, that is an xml file with host related 
information, not belonging to him. This flaw affects redhat- 
certification version 7. 








2021-05-26 





not yet 
calculated 








CVE-2018-10866 
MISC 
red_hat -- red_hat
It has been discovered that redhat-certification does not perform
an authorization check and allows an unauthenticated user to call
a "restart" RPC method on any host accessible by the system. An
attacker could use this flaw to send requests to port 8009 of any
host or to keep restarting the RHCertD daemon on a host of
another customer. This flaw affects redhat-certification version 7.
2021-05-26
not yet calculated
CVE-2018-10865
MISC

red_hat -- red_hat
A flaw was found in Red Hat Ceph Storage 4, in the Dashboard
component. In response to CVE-2020-27839, the JWT token was
moved from localStorage to an httpOnly cookie. However, token
cookies are used in the body of the HTTP response for the
documentation, which again makes it available to XSS. The
greatest threat to the system is for confidentiality, integrity, and
availability.
2021-05-27
not yet calculated
MISC
MISC
MISC
MISC

red_hat -- red_hat
It has been discovered that redhat-certification does not restrict
file access in the /update/results page. A remote attacker could
use this vulnerability to remove any file accessible by the user
which is running httpd. This flaw affects redhat-certification version
7.
2021-05-26

red_hat -- red_hat
A malicious container image can consume an unbounded amount
of memory when being pulled to a container runtime host, such as
Red Hat Enterprise Linux using podman, or OpenShift Container
Platform. An attacker can use this flaw to trick a user, with
privileges to pull container images, into crashing the process
responsible for pulling the image. This flaw affects
containers-image versions before 5.2.0.
2021-05-27
not yet calculated
CVE-2020-1702
MISC

red_hat -- red_hat
A flaw was found in Red Hat Satellite's Job Invocation, where the
"User Input" entry was not properly restricted to the view. This flaw
allows a malicious Satellite user to scan through the Job
Invocation, with the ability to search for passwords and other
sensitive data. This flaw affects tfm-rubygem-foreman_ansible
versions before 4.0.3.4.
2021-05-27
not yet calculated
CVE-2020-10716
MISC
MISC

red_hat -- red_hat
A flaw was found in Red Hat Quay, where it does not properly
protect the authorization token when authorizing email addresses
for repository email notifications. This flaw allows an attacker to
add email addresses they do not own to repository notifications.
2021-05-27
not yet calculated
CVE-2020-27831
MISC

red_hat -- red_hat
A flaw was found in Red Hat 3scale’s API docs URL, where it is
accessible without credentials. This flaw allows an attacker to view
sensitive information or modify service APIs. Versions before
3scale-2.10.0-ER1 are affected.
2021-05-26
not yet calculated
CVE-2020-25634
MISC

red_hat -- red_hat
An insecure modification flaw in the /etc/passwd file was found in
the redhat-sso-7 container. An attacker with access to the
container can use this flaw to modify the /etc/passwd and escalate
their privileges.
2021-05-26
not yet calculated
CVE-2020-10695
MISC

red_hat -- red_hat
It has been discovered that redhat-certification is not properly
configured and it lists all files and directories in the
/var/www/rhcert/store/transfer directory through the /rhcert-transfer
URL. An unauthorized attacker may use this flaw to gather
sensible information. This flaw affects redhat-certification version
7.
2021-05-26
not yet calculated
CVE-2018-10863
MISC

resteasy -- resteasy
A cross-site scripting (XSS) flaw was found in RESTEasy in
versions before 3.11.1.Final and before 4.5.3.Final, where it did
not properly handle URL encoding when the RESTEASY003870
exception occurs. An attacker could use this flaw to launch a
reflected XSS attack.
2021-05-27
not yet calculated
MISC
MISC

resteasy -- resteasy
A flaw was found in RESTEasy, where an incorrect response to an
HTTP request is provided. This flaw allows an attacker to gain
access to privileged information. The highest threat from this
vulnerability is to confidentiality and integrity. Versions before
resteasy 2.0.0.Alpha3 are affected.
2021-05-26
not yet calculated

roomer -- roomer
Roomer is a discord bot cog (extension) which provides automatic
voice channel generation as well as private voice and text
channels. A vulnerability has been discovered allowing discord
users to get the "manage channel" permissions in a private VC
they have joined. This allowed them to make changes to or delete
the voice channel they have taken over. The exploit does not allow
access or control to any other channels in the server. Upgrade to
version 1.0.1 for a patched version of the cog. As a workaround
you may disable private VCs in your guild(server) or unload the
roomer cog to render the exploit unusable.
2021-05-28
not yet calculated
CVE-2021-32646
CONFIRM
MISC

rsync -- rsync
A flaw was found in rsync in versions since 3.2.0pre1. Rsync
improperly validates certificate with host mismatch vulnerability. A
remote, unauthenticated attacker could exploit the flaw by
performing a man-in-the-middle attack using a valid certificate for
another hostname which could compromise confidentiality and
integrity of data transmitted using rsync-ssl. The highest threat
from this vulnerability is to data confidentiality and integrity. This
flaw affects rsync versions before 3.2.4.
2021-05-27
not yet calculated
CVE-2020-14387
MISC

ruby_on_rails -- ruby_on_rails
A possible information disclosure / unintended method execution
vulnerability in Action Pack >= 2.0.0 when using the ‘redirect_to’
or ‘polymorphic_url’ helper with untrusted user input.
2021-05-27
not yet calculated
CVE-2021-22885
MISC

runc -- runc
runc before 1.0.0-rc95 allows a Container Filesystem Breakout via
Directory Traversal. To exploit the vulnerability, an attacker must
be able to create multiple containers with a fairly specific mount
configuration. The problem occurs via a symlink-exchange attack
that relies on a race condition.
2021-05-27
not yet calculated
MISC
MISC
FEDORA
FEDORA

rust -- deno
Deno is a runtime for JavaScript and TypeScript that uses V8 and
is built in Rust. In Deno versions 1.5.0 to 1.10.1, modules that are
dynamically imported through ‘import()’ or ‘new Worker’ might
have been able to bypass network and file system permission
checks when statically importing other modules. The vulnerability
has been patched in Deno release 1.10.2.
2021-05-28
not yet calculated
CVE-2021-32619
CONFIRM

rust -- please
please before 0.4 allows a local unprivileged attacker to gain
knowledge about the existence of files or directories in privileged
locations via the search_path function, the --check option, or the
-d option.
2021-05-27
not yet calculated
MISC
MISC

rust -- please
Failure to normalize the umask in please before 0.4 allows a local
attacker to gain full root privileges if they are allowed to execute at
least one command.
2021-05-27
not yet calculated
CVE-2021-31155
MISC
MISC

rust -- please
pleaseedit in please before 0.4 uses predictable temporary
filenames in /tmp and the target directory. This allows a local
attacker to gain full root privileges by staging a symlink attack.
2021-05-27
not yet calculated
CVE-2021-31154
MISC
MISC

scada -- multiple_products
Use of Password Hash with Insufficient Computational Effort
vulnerability exists in ClearSCADA (all versions), EcoStruxure
Geo SCADA Expert 2019 (all versions), and EcoStruxure Geo
SCADA Expert 2020 (V83.7742.1 and prior), which could cause
the revealing of account credentials when server database files
are available. Exposure of these files to an attacker can make the
system vulnerable to password decryption attacks. Note that
".sde" configuration export files do not contain user account
password hashes.
2021-05-26
not yet calculated
MISC

scansnap -- manager
Untrusted search path vulnerability in the installers of ScanSnap
Manager prior to versions V7.0L20 and the Software Download
Installer prior to WinSSInst2JP.exe and WinSSInst2ix1500JP.exe
allows an attacker to gain privileges and execute arbitrary code
with the privilege of the user invoking the installer via a Trojan
horse DLL in an unspecified directory.
2021-05-24
not yet calculated
CVE-2021-20722
MISC
MISC

schneider_electric -- homelynk_and_spacelynk
Information Exposure vulnerability exists in homeLYnk (Wiser For
KNX) and spaceLYnk V2.60 and prior which could cause a device
to be compromised when it is first configured.
2021-05-26
not yet calculated
CVE-2021-22739
MISC

schneider_electric -- homelynk_and_spacelynk
Information Exposure vulnerability exists in homeLYnk (Wiser For
KNX) and spaceLYnk V2.60 and prior which could cause
information to be exposed when an unauthorized file is uploaded.
2021-05-26
not yet calculated

schneider_electric -- homelynk_and_spacelynk
Improper Verification of Cryptographic Signature vulnerability
exists in homeLYnk (Wiser For KNX) and spaceLYnk V2.60 and
prior which could allow remote code execution when unauthorized
code is copied to the device.
2021-05-26
not yet calculated
CVE-2021-22735
MISC

schneider_electric -- homelynk_and_spacelynk
Use of a Broken or Risky Cryptographic Algorithm vulnerability
exists in homeLYnk (Wiser For KNX) and spaceLYnk V2.60 and
prior that could cause unauthorized access when credentials are
discovered after a brute force attack.
2021-05-26
not yet calculated
CVE-2021-22738
MISC

schneider_electric -- homelynk_and_spacelynk
Improper Privilege Management vulnerability exists in homeLYnk
(Wiser For KNX) and spaceLYnk V2.60 and prior which could
cause shell access when unauthorized code is loaded into the
system folder.
2021-05-26
not yet calculated
CVE-2021-22733
MISC

schneider_electric -- homelynk_and_spacelynk
Improper Limitation of a Pathname to a Restricted Directory (‘Path
Traversal’) vulnerability exists in homeLYnk (Wiser For KNX) and
spaceLYnk V2.60 and prior which could cause a denial of service
when an unauthorized file is uploaded.
2021-05-26
not yet calculated
CVE-2021-22736
MISC

schneider_electric -- 
homelynk_and_spacelynk 


Improper Privilege Management vulnerability exists in homeLYnk 
(Wiser For KNX) and spaceLYnk V2.60 and prior which could 
cause a code execution issue when an attacker loads 
unauthorized code on the web server. 


2021-05-26 


not yet 
calculated 


CVE-2021-22732 
MISC 








schneider_electric -- 
homelynk_and_spacelynk 


Insufficiently Protected Credentials vulnerability exists in 
homeLYnk (Wiser For KNX) and spaceLYnk V2.60 and prior that 
could cause unauthorized access when credentials are
discovered after a brute force attack. 


2021-05-26 


not yet 
calculated 


CVE-2021-22737 
MISC 








schneider_electric -- 
homelynk_and_spacelynk 


Improper Verification of Cryptographic Signature vulnerability 
exists in homeLYnk (Wiser For KNX) and spaceLYnk V2.60 and 
prior which could cause remote code execution when an attacker 
loads unauthorized code. 


2021-05-26 


not yet 
calculated 


CVE-2021-22734 
MISC 








seacms -- seacms 


A cross-site scripting (XSS) vulnerability has been discovered in 
the login page of SeaCMS version 11 which allows an attacker to 
inject arbitrary web script or HTML. 


2021-05-28 


not yet 
calculated 


CVE-2020-26642
MISC 








simantic -- multiple_products


A vulnerability has been identified in SIMATIC Drive Controller 
family (All versions < V2.9.2), SIMATIC ET 200SP Open Controller 
CPU 1515SP PC (incl. SIPLUS variants) (All versions), SIMATIC 
ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS 
variants) (All versions), SIMATIC S7-1200 CPU family (incl. 
SIPLUS variants) (All versions < V4.5.0), SIMATIC S7-1500 CPU 
family (incl. related ET200 CPUs and SIPLUS variants) (All 
versions < V2.9.2), SIMATIC S7-1500 Software Controller (All 
versions), SIMATIC S7-PLCSIM Advanced (All versions < V4.0). 
Affected devices are vulnerable to a memory protection bypass 
through a specific operation. A remote unauthenticated attacker 
with network access to port 102/tcp could potentially write arbitrary 
data and code to protected memory areas or read sensitive data 
to launch further attacks. 


2021-05-28 


not yet 
calculated 


CVE-2020-15782 
CONFIRM 








singularity -- singularity 


### Impact Due to incorrect use of a default URL, ‘singularity’
action commands (‘run’/‘shell’/‘exec’) specifying a container
using a ‘library://’ URI will always attempt to retrieve the container
from the default remote endpoint (‘cloud.sylabs.io’) rather than the
configured remote endpoint. An attacker may be able to push a
malicious container to the default remote endpoint with a URI that
is identical to the URI used by a victim with a non-default remote
endpoint, thus executing the malicious container. Only action
commands (‘run’/‘shell’/‘exec’) against ‘library://’ URIs are
affected. Other commands such as ‘pull’ / ‘push’ respect the
configured remote endpoint. ### Patches All users should
upgrade to Singularity 3.7.4 or later. ### Workarounds Users who
only interact with the default remote endpoint are not affected. 
Installations with an execution control list configured to restrict 
execution to containers signed with specific secure keys are not 
affected. ### For more information General questions about the 
impact of the advisory can be asked in the: - [SingularityCE Slack 
Channel](https://singularityce.slack.com) - [SingularityCE Mailing 
List](https://groups.google.com/g/singularity-ce) Any sensitive 
security concerns should be directed to: security@sylabs.io See 
our Security Policy here: https://sylabs.io/security-policy 


2021-05-28 


not yet 
calculated 


CVE-2021-32635 
CONFIRM 








smallrye -- smallrye 


A flaw was found in SmallRye's API through version 1.6.1. The 
API can allow other code running within the application server to 
potentially obtain the ClassLoader, bypassing any permissions 
checks that should have been applied. The largest threat from this 
vulnerability is a threat to data confidentiality. This is fixed in 
SmallRye 1.6.2 


2021-05-28

not yet calculated

CVE-2020-1729
MISC

sonicwall -- nsm_on-prem


A vulnerability in the SonicWall NSM On-Prem product allows an 
authenticated attacker to perform OS command injection using a 
crafted HTTP request. This vulnerability affects NSM On-Prem 
2.2.0-R10 and earlier versions. 


2021-05-27

not yet calculated

CVE-2021-20026
CONFIRM

spice -- spice


A flaw was found in spice in versions before 0.14.92. A DoS tool 
might make it easier for remote attackers to cause a denial of 
service (CPU consumption) by performing many renegotiations 
within a single connection. 


2021-05-28

not yet calculated

CVE-2021-20201
MISC
MISC

spring_framework -- spring_framework


In Spring Framework, versions 5.2.x prior to 5.2.15 and versions 
5.3.x prior to 5.3.7, a WebFlux application is vulnerable to a 
privilege escalation: by (re)creating the temporary storage 
directory, a locally authenticated malicious user can read or 
modify files that have been uploaded to the WebFlux application, 
or overwrite arbitrary files with multipart request data. 


2021-05-27

not yet calculated

CVE-2021-22118
MISC

squid -- squid

An issue was discovered in Squid before 4.15 and 5.x before 
5.0.6. Due to an input-validation bug, it is vulnerable to a Denial of 
Service attack (against all clients using the proxy). A client sends 
an HTTP Range request to trigger this. 








2021-05-27

not yet calculated

CVE-2021-31808
MISC
MISC

arbitrary authentication. An attacker can send an unauthenticated
message to trigger this vulnerability.

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info

squid -- squid

An issue was discovered in Squid before 4.15 and 5.x before
5.0.6. Due to incorrect parser validation, it allows a Denial of
Service attack against the Cache Manager API. This allows a
trusted client to trigger memory leaks that, over time, lead to a
Denial of Service via an unspecified short query string. This attack
is limited to clients with Cache Manager API access privilege.

2021-05-27

not yet calculated

CVE-2021-28652
MISC
MISC

squid -- squid

Squid before 4.15 and 5.x before 5.0.6 allows remote servers to
cause a denial of service (affecting availability to all clients) via an
HTTP response. The issue trigger is a header that can be
expected to exist in HTTP traffic without any malicious intent by
the server.

2021-05-28

not yet calculated

[CVE ID illegible]
MISC
MISC

squid -- squid

An issue was discovered in Squid before 4.15 and 5.x before
5.0.6. Due to a memory-management bug, it is vulnerable to a
Denial of Service attack (against all clients using the proxy) via
HTTP Range request processing.

2021-05-27

not yet calculated

[CVE ID illegible]
MISC

squid -- squid

An issue was discovered in Squid 4.x before 4.15 and 5.x before
5.0.6. If a remote server sends a certain response header over
HTTP or HTTPS, there is a denial of service. This header can
plausibly occur in benign network traffic.

2021-05-27

not yet calculated

CVE-2021-28662
MISC
MISC
MISC

squid -- squid

An issue was discovered in Squid before 4.15 and 5.x before
5.0.6. Due to a buffer-management bug, it allows a denial of
service. When resolving a request with the urn: scheme, the
parser leaks a small amount of memory. However, there is an
unspecified attack methodology that can easily trigger a large
amount of memory consumption.

2024-05-27

not yet calculated

[CVE ID illegible]
MISC

stmicroelectronics -- stm32l4_devices

STMicroelectronics STM32L4 devices through 2021-03-29 have
incorrect physical access control.

2021-05-21

not yet calculated

CVE-2021-29414
MISC
MISC
MISC

stmicroelectronics -- stm32l4_devices

STMicroelectronics STM32L4 devices through 2020-10-19 have
incorrect access control. The flash read-out protection (RDP) can
be degraded from RDP level 2 (no access via debug interface) to
level 1 (limited access via debug interface) by injecting a fault
during the boot phase.

2021-05-21

not yet calculated

CVE-2020-27212
MISC
MISC

sync_repl -- sync_repl

When using a sync_repl client in 389-ds-base, an authenticated
attacker can cause a NULL pointer dereference using a specially
crafted query, causing a crash.

2021-05-28

not yet calculated

[CVE ID illegible]

tableau -- rsa_archer

The Tableau integration in RSA Archer 6.4 P1 (6.4.0.1) through
6.9 P2 (6.9.0.2) is affected by an insecure credential storage
vulnerability. A malicious attacker with access to the Tableau
workbook file may obtain access to credential information to use it
in further attacks.

2021-05-26

not yet calculated

CVE-2021-29253
MISC
CONFIRM

tableau -- rsa_archer

RSA Archer before 6.9 SP1 P1 (6.9.1.1) contains a stored XSS
vulnerability. A remote authenticated malicious Archer user with
access to modify link name fields could potentially exploit this
vulnerability to execute code in a victim's browser.

2021-05-26

not yet calculated

CVE-2021-29252
MISC
CONFIRM

tenancy -- tenancy

Tenancy multi-tenant is an open source multi-domain controller for
the Laravel web framework. In some situations, it is possible to
have open redirects where users can be redirected from your site
to any other site using a specially crafted URL. This is only the
case for installations where the default Hostname Identification is
used and the environment uses tenants that have ‘force_https’ set
to ‘true’ (default: ‘false’). Version 5.7.2 contains the relevant
patches to fix this bug. Stripping the URL from special characters
to prevent specially crafted URL's from being redirected to. As a
work around users can set the ‘force_https’ to every tenant to
‘false’, however this may degrade connection security.

2021-05-27

not yet calculated

CVE-2021-32645
CONFIRM
MISC
MISC
MISC

trend_micro -- home_network_security

A privilege escalation vulnerability exists in the tdts.ko
chrdev_ioctl_handle functionality of Trend Micro, Inc. Home
Network Security 6.1.567. A specially crafted ioctl can lead to
increased privileges. An attacker can issue an ioctl to trigger this
vulnerability.

2021-05-26

not yet calculated

CVE-2021-32457
MISC
MISC

trend_micro -- home_network_security

A privilege escalation vulnerability exists in the tdts.ko
chrdev_ioctl_handle functionality of Trend Micro, Inc. Home
Network Security 6.1.567. A specially crafted ioctl can lead to
code execution. An attacker can issue an ioctl to trigger this
vulnerability.

2021-05-27

not yet calculated

CVE-2021-32458
MISC
MISC

trend_micro -- home_network_security

A hard-coded password vulnerability exists in the SFTP Log
Collection Server function of Trend Micro Inc.’s Home Network
Security 6.1.567. A specially crafted network request can lead to

2021-05-27

not yet calculated

CVE-2021-32459
MISC
MISC

attack, the attacker-supplied operating system commands are
usually executed with the privileges of the vulnerable application.
Command injection attacks are possible largely due to insufficient
input validation.














triconex -- tricon

Improper Check for Unusual or Exceptional Conditions
vulnerability exists in Triconex TCM 4351B installed on Tricon
V11.3.x systems that could cause module reset when TCM
receives malformed TriStation packets while the write-protect
keyswitch is in the program position.

2021-05-26

not yet calculated

[CVE ID illegible]

triconex -- tricon

Improper Check for Unusual or Exceptional Conditions
vulnerability exists in Triconex Model 3009 MP installed on Tricon
V11.3.x systems that could cause module reset when TCM
receives malformed TriStation packets while the write-protect
keyswitch is in the program position. This CVE ID is unique from
CVE-2021-22742, CVE-2021-22744, CVE-2021-22745, and
CVE-2021-22746.

2021-05-26

not yet calculated

[CVE ID illegible]

triconex -- tricon

Improper Check for Unusual or Exceptional Conditions
vulnerability exists in Triconex Model 3009 MP installed on Tricon
V11.3.x systems that could cause module reset when TCM
receives malformed TriStation packets while the write-protect
keyswitch is in the program position. This CVE ID is unique from
CVE-2021-22742, CVE-2021-22744, CVE-2021-22746, and
CVE-2021-22747.

2021-05-26

not yet calculated

[CVE ID illegible]

triconex -- tricon

Improper Check for Unusual or Exceptional Conditions
vulnerability exists in Triconex Model 3009 MP installed on Tricon
V11.3.x systems that could cause module reset when TCM
receives malformed TriStation packets while the write-protect
keyswitch is in the program position. This CVE ID is unique from
CVE-2021-22742, CVE-2021-22745, CVE-2021-22746, and
CVE-2021-22747.

2021-05-26

not yet calculated

[CVE ID illegible]

triconex -- tricon

Improper Check for Unusual or Exceptional Conditions
vulnerability exists in Triconex Model 3009 MP installed on Tricon
V11.3.x systems that could cause module reset when TCM
receives malformed TriStation packets while the write-protect
keyswitch is in the program position.

2021-05-26

not yet calculated

[CVE ID illegible]

triconex -- tricon

Improper Check for Unusual or Exceptional Conditions
vulnerability exists in Triconex Model 3009 MP installed on Tricon
V11.3.x systems that could cause module reset when TCM
receives malformed TriStation packets while the write-protect
keyswitch is in the program position. This CVE ID is unique from
CVE-2021-22742, CVE-2021-22744, CVE-2021-22745, and
CVE-2021-22747.

2021-05-26

not yet calculated

[CVE ID illegible]

trim-newlines -- node.js

The trim-newlines package before 3.0.1 and 4.x before 4.0.1 for
Node.js has an issue related to regular expression denial-of-
service (ReDoS) for the .end() method.

2021-05-28

not yet calculated

CVE-2021-33623
MISC
CONFIRM

upx -- membuffer

An assertion abort was found in upx MemBuffer::alloc() in
mem.cpp, in version UPX 4.0.0. The flow allows attackers to
cause a denial of service (abort) via a crafted file.

2021-05-27

not yet calculated

CVE-2021-30501
MISC
MISC
MISC
MISC

upx -- packlinuxelf

Null pointer dereference was found in upx
PackLinuxElf::canUnpack() in p_lx_elf.cpp, in version UPX 4.0.0.
That allows attackers to execute arbitrary code and cause a denial
of service via a crafted file.

2021-05-27

not yet calculated

CVE-2021-30500
MISC
MISC
MISC

versa -- analytics

In Versa Analytics, the cron jobs are used for scheduling tasks by
executing commands at specific dates and times on the server. If
the job is run as the user root, there is a potential privilege
escalation vulnerability. In this case, the job runs a script as root
that is writable by users who are members of the versa group.

2021-05-26

not yet calculated

[CVE ID illegible]

versa -- director

In Versa Director, the unencrypted backup files stored on the
Versa deployment contain credentials stored within configuration
files. These credentials are for various application components
such as SNMP, and SSL and Trust keystores.

2021-05-26

not yet calculated

CVE-2018-16498
MISC

versa -- director

In Versa Director, the un-authentication request found.

2021-05-26

not yet calculated

CVE-2016-16496
MISC

versa -- director

In Versa Director, the command injection is an attack in which the
goal is execution of arbitrary commands on the host operating
system via a vulnerable application. Command injection attacks
are possible when an application passes unsafe user supplied
data (forms, cookies, HTTP headers etc.) to a system shell. In this

2021-05-26

not yet calculated

[CVE ID illegible]

versa -- multiple_products

In Versa Director, Versa Analytics and VOS, Passwords are not
hashed using an adaptive cryptographic hash function or key
derivation function prior to storage. Popular hashing algorithms
based on the Merkle-Damgard construction (such as MD5 and
SHA-1) alone are insufficient in thwarting password cracking.
Attackers can generate and use precomputed hashes for all
possible password character combinations (commonly referred to
as "rainbow tables") relatively quickly. The use of adaptive hashing
algorithms such as scrypt or bcrypt or Key-Derivation Functions
(i.e. PBKDF2) to hash passwords make generation of such
rainbow tables computationally infeasible.

2021-05-26

not yet calculated

[CVE ID illegible]
MISC

versa -- VOS

In VOS compromised, an attacker at network endpoints can
possibly view communications between an unsuspecting user and
the service using man-in-the-middle attacks. Usage of unapproved
SSH encryption protocols or cipher suites also violates the Data
Protection TSR (Technical Security Requirements).

2021-05-26

not yet calculated

[CVE ID illegible]
MISC

versa -- VOS

In VOS an overly permissive "umask" may allow for authorized
users of the server to gain unauthorized access through insecure
file permissions that can result in an arbitrary read, write, or
execution of newly created files and directories. Insecure umask
setting was present throughout the Versa servers.

2021-05-26

not yet calculated

[CVE ID illegible]
MISC

versa -- VOS

In VOS user session identifier (authentication token) is issued to
the browser prior to authentication but is not changed after the
user successfully logs into the application. Failing to issue a new
session ID following a successful login introduces the possibility
for an attacker to set up a trap session on the device the victim is
likely to login with.

2021-05-26

not yet calculated

CVE-2018-16495
MISC

vfairs -- vfairs

In vFairs 3.3, any user logged in to a vFairs virtual conference or
event can modify any other user's profile information to include a
cross-site scripting payload. The user data stored by the database
includes HTML tags that are intentionally rendered out onto the
page, and this can be abused to perform XSS attacks.

2021-05-26

not yet calculated

CVE-2020-26680
MISC
MISC

vfairs -- vfairs

vFairs 3.3 is affected by Remote Code Execution. Any user
logged in to a vFairs virtual conference or event can abuse the
functionality to upload a profile picture in order to place a
malicious PHP file on the server and gain code execution.

2021-05-26

not yet calculated

CVE-2020-26678
MISC
MISC
MISC

vfairs -- vfairs

vFairs 3.3 is affected by Insecure Permissions. Any user logged in
to a vFairs virtual conference or event can modify any other user's
profile information or profile picture. After receiving any user's
unique identification number and their own, an HTTP POST
request can be made to update their profile description or supply a
new profile image. This can lead to potential cross-site scripting
attacks on any user, or upload malicious PHP webshells as
"profile pictures." The user IDs can be easily determined by other
responses from the API for an event or chat room.

2021-05-26

not yet calculated

CVE-2020-26679
MISC
MISC
MISC
MISC

vfairs -- vfairs

Any user logged in to a vFairs 3.3 virtual conference or event can
perform SQL injection with a malicious query to the API.

2021-05-26

not yet calculated

CVE-2020-26677
MISC
MISC
MISC

vmware -- workstation

VMware Workstation (16.x prior to 16.1.2) and Horizon Client for
Windows (5.x prior to 5.5.2) contain out-of-bounds read
vulnerability in the Cortado ThinPrint component (TTC Parser). A
malicious actor with access to a virtual machine or remote desktop
may be able to exploit these issues leading to information
disclosure from the TPView process running on the system where
Workstation or Horizon Client for Windows is installed.

2021-05-24

not yet calculated

CVE-2021-21989
MISC
MISC

vmware -- workstation

VMware Workstation (16.x prior to 16.1.2) and Horizon Client for
Windows (5.x prior to 5.5.2) contain out-of-bounds read
vulnerability in the Cortado ThinPrint component (TTC Parser). A
malicious actor with access to a virtual machine or remote desktop
may be able to exploit these issues leading to information
disclosure from the TPView process running on the system where
Workstation or Horizon Client for Windows is installed.

2021-05-24

not yet calculated

CVE-2021-21987
MISC
MISC

vmware -- workstation

VMware Workstation (16.x prior to 16.1.2) and Horizon Client for
Windows (5.x prior to 5.5.2) contain out-of-bounds read
vulnerability in the Cortado ThinPrint component (JPEG2000
Parser). A malicious actor with access to a virtual machine or
remote desktop may be able to exploit these issues leading to
information disclosure from the TPView process running on the
system where Workstation or Horizon Client for Windows is
installed.

2024-05-24

not yet calculated

CVE-2021-21988
MISC
MISC

voipmonitor -- voipmonitor

A remote code execution issue was discovered in the web UI of
VoIPmonitor before 24.61. When the recheck option is used, the
user-supplied SPOOLDIR value (which might contain PHP code)
is injected into config/configuration.php.

2021-05-29

not yet calculated

CVE-2021-30461
MISC

users. This can be done by editing the user profile with object
editor. ### References https://jira.xwiki.org/browse/XWIKI-17942
### For more information If you have any questions or comments
about this advisory: * Open an issue in [Jira](http://jira.xwiki.org) *
Email us at [Security mailing-list](mailto:security@xwiki.org)

















vsphere -- client

The vSphere Client (HTML5) contains a remote code execution
vulnerability due to lack of input validation in the Virtual SAN
Health Check plug-in which is enabled by default in vCenter
Server. A malicious actor with network access to port 443 may
exploit this issue to execute commands with unrestricted
privileges on the underlying operating system that hosts vCenter
Server.

2021-05-26

not yet calculated

CVE-2021-21985
MISC
MISC

vsphere -- client

The vSphere Client (HTML5) contains a vulnerability in a vSphere
authentication mechanism for the Virtual SAN Health Check, Site
Recovery, vSphere Lifecycle Manager, and VMware Cloud
Director Availability plug-ins. A malicious actor with network
access to port 443 on vCenter Server may perform actions
allowed by the impacted plug-ins without authentication.

2021-05-26

not yet calculated

CVE-2021-21986
MISC

wordpress -- wordpress

The Ultimate Member – User Profile, User Registration, Login &
Membership Plugin WordPress plugin before 2.1.20 did not
properly sanitise, validate or encode the query string when
generating a link to edit user's own profile, leading to an
authenticated reflected Cross-Site Scripting issue. Knowledge of
the targeted username is required to exploit this, and attackers
would then need to make the related logged in user open a
malicious link.

2021-05-24

not yet calculated

CVE-2021-24306
CONFIRM

ws -- ws

ws is an open source WebSocket client and server library for
Node.js. A specially crafted value of the ‘Sec-Websocket-Protocol’
header can be used to significantly slow down a ws server. The
vulnerability has been fixed in ws@7.4.6
(https://github.com/websockets/ws/commit/00c425ec77993773d82(f018f64a5c44e1 7023ff).
In vulnerable versions of ws, the issue can be mitigated by
reducing the maximum allowed length of the request headers
using the [‘--max-http-header-size=size’]
(https://nodejs.org/api/cli.html#cli_max_http_header_size_size)
and/or the [‘maxHeaderSize’]
(https://nodejs.org/api/http.html#http_http_createserver_options_requestlistener)
options.

2021-05-25

not yet calculated

CVE-2021-32640
CONFIRM
MISC

X.Org -- X.org

LookupCol.c in X.Org X through X11R7.7 and libX11 before 1.7.1
might allow remote attackers to execute arbitrary code. The libX11
XLookupColor request (intended for server-side color lookup)
contains a flaw allowing a client to send color-name requests with
a name longer than the maximum size allowed by the protocol
(and also longer than the maximum packet size for normal-sized
packets). The user-controlled data exceeding the maximum size is
then interpreted by the server as additional X protocol requests
and executed, e.g., to disable X server authorization completely.
For example, if the victim encounters malicious terminal control
sequences for color codes, then the attacker may be able to take
full control of the running graphical session.

2021-05-27

not yet calculated

CVE-2021-31535
MISC
MISC
MISC
MISC
MISC

xorg-x11-server -- xorg-x11-server

A privilege escalation flaw was found in the Xorg-x11-server due
to a lack of authentication for X11 clients. This flaw allows an
attacker to take control of an X application by impersonating the
server it is expecting to connect to.

2021-05-26

not yet calculated

CVE-2020-25697
MLIST
MISC
MISC
MLIST
MISC

xwiki -- xwiki

### Impact A user without Script or Programming right is able to
execute script requiring privileges by editing gadget titles in the
dashboard. ### Patches The issue has been patched in XWiki
12.6.7, 12.10.3 and 13.0RC1. ### Workarounds There's no easy
workaround for this issue, it is recommended to upgrade XWiki.
### References https://jira.xwiki.org/browse/XWIKI-17794 ### For
more information If you have any questions or comments about
this advisory: * Open an issue in [JIRA](https://jira.xwiki.org) *
Email us at [XWiki security mailing-list](mailto:security@xwiki.org)

2021-05-28

not yet calculated

[CVE ID illegible]
CONFIRM

xwiki -- xwiki

### Impact A user disabled on a wiki using email verification for
registration can re-activate himself by using the activation link
provided for his registration. ### Patches The problem has been
patched in the following versions of XWiki: 11.10.13, 12.6.7,
12.10.2, 13.0. ### Workarounds It's possible to workaround the
issue by resetting the ‘validkey’ property of the disabled XWiki

2021-05-28

not yet calculated

CVE-2021-32620
MISC
CONFIRM

ytnef -- ytnef

Multiple directory traversal and buffer overflow vulnerabilities were
discovered in yTNEF, and in Evolution's TNEF parser that is
derived from yTNEF. A crafted email could cause these
applications to write data in arbitrary locations on the filesystem,
crash, or potentially execute arbitrary code when decoding
attachments.

2021-05-26

not yet calculated

CVE-2009-3721
MISC
MISC

yubico -- pam-u2f

Yubico pam-u2f before 1.1.1 has a logic issue that, depending on
the pam-u2f configuration and the application used, could lead to
a local PIN bypass. This issue does not allow user presence
(touch) or cryptographic signature verification to be bypassed, so
an attacker would still need to physically possess and interact with
the YubiKey or another enrolled authenticator. If pam-u2f is
configured to require PIN authentication, and the application using
pam-u2f allows the user to submit NULL as the PIN, pam-u2f will
attempt to perform a FIDO2 authentication without PIN. If this
authentication is successful, the PIN requirement is bypassed.

2024-05-26

not yet calculated

CVE-2021-31924
MISC
MISC

zephyr -- zephyr

Malformed SPI in response for eswifi can corrupt kernel memory.
Zephyr versions >= 1.14.2, >= 2.3.0 contain Heap-based Buffer
Overflow (CWE-122). For more information, see
https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hx4p-j86p-2mhr

2021-05-25

not yet calculated

CVE-2020-13600
MISC

zephyr -- zephyr

FS: Buffer Overflow when enabling Long File Names in FAT_FS
and calling fs_stat. Zephyr versions >= v1.14.2, >= v2.3.0 contain
Stack-based Buffer Overflow (CWE-121). For more information,
see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7fhv-rgxr-x56h

2021-05-25

not yet calculated

CVE-2020-13598
MISC

zephyr -- zephyr

Security problem with settings and littlefs. Zephyr versions >=
1.14.2, >= 2.3.0 contain Incorrect Default Permissions (CWE-276).
For more information, see
https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-5qhg-j6wc-4f6q

2021-05-25

not yet calculated

CVE-2020-13599
MISC

zeromq -- zeromq

A flaw was found in the ZeroMQ server in versions before 4.3.3.
This flaw allows a malicious client to cause a stack buffer overflow
on the server by sending crafted topic subscription requests and
then unsubscribing. The highest threat from this vulnerability is to
confidentiality, integrity, as well as system availability.

2021-05-28

not yet calculated

CVE-2021-20236
MISC
MISC

zeromq -- zeromq

An uncontrolled resource consumption (memory leak) flaw was
found in ZeroMQ's src/xpub.cpp in versions before 4.3.3. This flaw
allows a remote unauthenticated attacker to send crafted PUB
messages that consume excessive memory if the CURVE/ZAP
authentication is disabled on the server, causing a denial of
service. The highest threat from this vulnerability is to system
availability.

2021-05-28

not yet calculated

CVE-2021-20237
MISC
MISC

zettlr -- zettlr

Cross-site scripting vulnerability in Zettlr from 0.20.0 to 1.8.8
allows an attacker to execute an arbitrary script by loading a file or
code snippet containing an invalid iframe into Zettlr.

2021-05-27

not yet calculated

CVE-2021-20727
MISC
MISC
MISC